Lucene search
K

4297 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.361 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
Cvelist
Cvelist
added 13 hours ago10 views

CVE-2026-15389 Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.5 views

PT-2026-56297

Name of the Vulnerable Software and Affected Versions better-auth versions prior to 1.6.11 Description The legacy oidcProvider and mcp plugins expose an OAuth 2.0 token endpoint that fails to authenticate confidential clients during the refresh token grant. The system authenticates requests based...

9.1CVSS5.9AI score0.00013EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 10:16 a.m.12 views

CVE-2025-24816

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges...

6.5CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:58 a.m.18 views

CVE-2025-24816

Technical details about CVE-2025-24816 are not publicly available in the provided documents; monitor for updates from Nokia and vulnerability databases.

6.5CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:58 a.m.43 views

CVE-2025-24816 An Improper Access Control vulnerability in Nokia MantaRay NM

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges...

0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 6:1 a.m.5 views

BIT-GITLAB-2026-2238 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52904

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description An authorization flaw exists where the 'GET /api/v3/shares' endpoint returns share details for all work packages within a project to any user possessing the...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.10 views

CVE-2026-2238

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS0.00275EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.74 views

CVE-2026-2238

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 4:34 a.m.110 views

CVE-2026-2238

CVE-2026-2238 affects GitLab CE/EE, impacting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An unauthorized user could view confidential issue references on public projects due to improper authorization checks. The issue is mitigated in GitLab releases 18.11.6...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:34 a.m.37 views

CVE-2026-2238 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52202

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.5 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Improper authorization checks could allow an unauthenticated user to view confidential issue references ...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

GitLab 17.5 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-2238)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 7:24 p.m.18 views

CVE-2026-27708 FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

7.1CVSS0.00265EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:17 p.m.3 views

Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...

9.8CVSS6.1AI score0.00259EPSS
Exploits0Affected Software1
Redos
Redos
added 2026/06/17 12:0 a.m.8 views

ROS-20260617-73-0027

The vulnerability of the msl.c component in the console-based image editing tool ImageMagick is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to gain access to confidential data or cause service interruptions...

9.8CVSS5.8AI score0.00272EPSS
Exploits0
Redos
Redos
added 2026/06/17 12:0 a.m.7 views

ROS-20260617-73-0022

The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

8.6CVSS7.8AI score0.00671EPSS
Exploits0
Redos
Redos
added 2026/06/17 12:0 a.m.6 views

ROS-20260617-73-0021

The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

8.6CVSS7.8AI score0.00671EPSS
Exploits0
Veracode
Veracode
added 2026/06/15 12:0 p.m.9 views

Improper Access Control

Keycloak is vulnerable to Improper Access Control. The vulnerability is due to insufficient audience restriction enforcement in the OpenID Connect token introspection endpoint, which allows an authenticated confidential client to access sensitive token claims intended for other resource servers...

6.5CVSS5.2AI score0.00366EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder