
2763 matches found

NVD
added 7 hours ago, 5 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVSS 9
Exploits: 0, References: 1
Cvelist
added 8 hours ago, 5 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVSS 9
Exploits: 0, References: 1
Nuclei
added 13 hours ago, 33 views

NETGEAR - Authentication Bypass

NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations. id:...

CVSS 8.8, AI score 7.3, EPSS 0.08656
Exploits: 0, References: 5
Nuclei
added 13 hours ago, 30 views

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

CVSS 7.5, AI score 7.3, EPSS 0.50038
Exploits: 1, References: 5
Nuclei
added 13 hours ago, 28 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

CVSS 9.8, AI score 7.6, EPSS 0.8413
Exploits: 5, References: 4
RedHat Linux
added yesterday, 4 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

CVSS 6.5, AI score 5.7
Exploits: 0, References: 4
ATTACKERKB
added yesterday, 2 views

CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

CVSS 6.5, AI score 5.7
Exploits: 0, References: 7
ATTACKERKB
added yesterday, 3 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

CVSS 9.1, AI score 6.2
Exploits: 0, References: 4
NVD
added 2 days ago, 5 views

CVE-2026-12085

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

CVSS 6.5, EPSS 0.00228
Exploits: 0, References: 1
Cvelist
added 2 days ago, 32 views

CVE-2026-12085 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

CVSS 6.5, EPSS 0.00228
Exploits: 0, References: 1
EUVD
added 2 days ago, 4 views

EUVD-2026-40391

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

CVSS 6.5, AI score 5.7, EPSS 0.00228
Exploits: 0, References: 1
CVE
added 2 days ago, 10 views

CVE-2026-12085

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) are affected by CVE-2026-12085, which allows authenticated users to view sensitive configurations and secrets in API responses. Affected versions include UCD 7.3 through 7.3.2.18 and IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8....

CVSS 6.5, AI score 5.7, EPSS 0.00228
Exploits: 0, References: 1, Affected Software: 2
NVD
added 2 days ago, 8 views

CVE-2026-58167

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

CVSS 7.1, EPSS 0.00238
Exploits: 0, References: 5
RedHat Linux
added 3 days ago, 7 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

CVSS 9.2, AI score 6.5, EPSS 0.04261
Exploits: 6, References: 15
OSV
added 3 days ago, 5 views

PYSEC-2026-461 PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...

CVSS 9.6, AI score 6.2, EPSS 0.00419
Exploits: 1, References: 6
Nuclei
added 6 days ago, 241 views

Mlflow <2.9.2 - Path Traversal

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. id: CVE-2023-6909 info: name: Mlflow 2.9.2 - Path Traversal author: Hyunsoo-ds severity: high description: | Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. impact: | Successful...

CVSS 7.5, AI score 7.1, EPSS 0.89716
Exploits: 1, References: 3
NVD
added 6 days ago, 7 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

CVSS 7.5, EPSS 0.00159
Exploits: 0, References: 1
Cvelist
added 6 days ago, 35 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

CVSS 5.3, EPSS 0.00159
Exploits: 0, References: 1
Positive Technologies
added 6 days ago, 5 views

PT-2026-52703

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...

CVSS 7.5, AI score 5.8, EPSS 0.00159
Exploits: 0, References: 5
EUVD
added 2026/06/25 10:23 p.m., 11 views

EUVD-2026-31398

golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement...

CVSS 10, AI score 6.9, EPSS 0.03092
Exploits: 2, References: 7