Lucene search
K

33931 matches found

NVD
NVD
added 2026/05/11 6:16 p.m.9 views

CVE-2026-2393

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS0.00288EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 5:30 p.m.33 views

CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...

8.5CVSS0.00374EPSS
Exploits1References3
CVE
CVE
added 2026/05/11 5:30 p.m.14 views

CVE-2026-42858

Open edX Platform contains a server-side request forgery (SSRF) in the sync_provider_data endpoint of SAMLProviderDataViewSet. An authenticated Enterprise Admin can supply an arbitrary URL via the metadata_url parameter, which is passed to requests.get() in fetch_metadata_xml() without URL valida...

9.9CVSS6AI score0.00374EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/05/11 5:16 p.m.36 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS0.00293EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 5:16 p.m.12 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 5:14 p.m.12 views

CVE-2026-43639 Bitwarden Server < 2026.4.0 Missing Authorization via Provider Clients

Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...

8.9CVSS5.9AI score0.00596EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/11 5:14 p.m.32 views

CVE-2026-43639 Bitwarden Server < 2026.4.0 Missing Authorization via Provider Clients

Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...

8.9CVSS0.00596EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:14 p.m.9 views

CVE-2026-43639

Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...

8.9CVSS5.9AI score0.00596EPSS
Exploits1References6
CVE
CVE
added 2026/05/11 5:14 p.m.39 views

CVE-2026-43639

Bitwarden Server prior to v2026.4.0 is affected by a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/{providerId}/clients/existing, resulting in takeover of the target organization. The issue is restric...

9.1CVSS5.9AI score0.00596EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:30 p.m.8 views

CVE-2026-2393 Server-Side Request Forgery (SSRF) in mlflow/mlflow

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS7.3AI score0.00288EPSS
Exploits1References2
CVE
CVE
added 2026/05/11 4:30 p.m.25 views

CVE-2026-2393

CVE-2026-2393: MLflow prior to 3.9.0 is vulnerable to SSRF via a user-controlled webhook URL. The _create_webhook() handler stores the URL without validation, and _send_webhook_request() POSTs to that URL, enabling an authenticated attacker to cause the MLflow backend to reach internal services, ...

7.1CVSS7.3AI score0.00288EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:4 p.m.8 views

CVE-2026-33362 Meari SDK hardcoded cryptographic keys

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...

8.6CVSS5.8AI score0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 4:3 p.m.47 views

CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS0.00293EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:3 p.m.5 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 4:3 p.m.11 views

CVE-2026-33359

Meari IoT Cloud uses Alibaba OSS for alert image storage; motion snapshots can be retrieved without authentication, signed URLs, or expiry enforcement. This affects motion alert images exposed as direct object references, with URLs remaining valid beyond expected windows. Root cause is lack of ac...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 4:2 p.m.7 views

CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS5.8AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 3:59 p.m.6 views

Privilege Dropping / Lowering Errors

Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...

9.9CVSS6.7AI score0.0048EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 3:59 p.m.11 views

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

Impact The CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pgmonitor. SET ROLE changes only currentuser; sessionuser remains postgres. That residual superuser identity is the foothold fo...

9.9CVSS6.1AI score0.0048EPSS
Exploits0References6Affected Software1
Wiz blog
Wiz blog
added 2026/05/11 1:0 p.m.13 views

Wiz at Wiz: Reducing Risk through Service Ownership

How Wiz security uses Service Catalog to turn cloud risk into service ownership...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/11 10:16 a.m.17 views

CVE-2026-26946

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

6.7CVSS0.00104EPSS
Exploits0References1
Rows per page
Query Builder