219888 matches found

EUVD, added 2026/06/17 6:35 p.m., 6 views
EUVD-2026-37663
Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...
CVSS 4.3 | AI score 5.1 | EPSS 0.00259 | Exploits 0 | References 2

EUVD, added 2026/06/17 6:35 p.m., 8 views
EUVD-2026-37664
Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...
CVSS 4.3 | AI score 5.1 | EPSS 0.00243 | Exploits 0 | References 2

EUVD, added 2026/06/17 6:35 p.m., 7 views
EUVD-2026-37662
Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...
CVSS 8.6 | AI score 5.1 | EPSS 0.00261 | Exploits 0 | References 2

EUVD, added 2026/06/17 6:35 p.m., 9 views
EUVD-2026-37665
Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...
CVSS 9.1 | AI score 5.1 | EPSS 0.00437 | Exploits 0 | References 2

Snyk, added 2026/06/17 6:21 p.m., 7 views
Use of Cache Containing Sensitive Information
org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting...
CVSS 8.9 | AI score 7.1 | EPSS 0.00374 | Exploits 0 | References 2

CVE, added 2026/06/17 5:59 p.m., 21 views
CVE-2026-55197
Hermes WebUI before 0.51.443 has a broken access control weakness in the /api/session endpoint. Authenticated users can bypass profile boundaries and query session IDs from other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized transcripts and metadata. This affects t...
CVSS 7.1 | AI score 5.3 | EPSS 0.00272 | Exploits 0 | References 5

Cvelist, added 2026/06/17 5:58 p.m., 19 views
CVE-2026-55196 Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options an...
CVSS 9.1 | EPSS 0.00579 | Exploits 0 | References 5

CVE, added 2026/06/17 5:58 p.m., 33 views
CVE-2026-55196
Hermes WebUI prior to version 0.51.409 contains an authentication bypass in passkey registration. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register are accessible without authentication, allowing an att...
CVSS 9.1 | AI score 5.6 | EPSS 0.00579 | Exploits 0 | References 5

Github Security Blog, added 2026/06/17 5:57 p.m., 10 views
Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode
This is a bypass of the fix for GHSA-h36f-rqpx-j5wx / CVE-2026-44560 ("Unauthorized File and Knowledge Base Content Access via RAG Vector Search"). Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus...
CVSS 6.5 | AI score 5.5 | EPSS 0.00366 | Exploits 2 | References 2 | Affected software 1

Veracode, added 2026/06/17 5:50 p.m., 9 views
Improper Access Control
@astrojs/netlify is vulnerable to Improper Access Control. The vulnerability is due to overly permissive conversion of Astro image.remotePatterns into Netlify Image CDN regular expressions, which allows an attacker to bypass intended hostname and pathname restrictions and access unintended remote...
CVSS 5.3 | AI score 5.4 | EPSS 0.00187 | Exploits 0 | References 4 | Affected software 1

NVD, added 2026/06/17 5:16 p.m., 12 views
CVE-2026-12515
A flaw was found in Katello of Red Hat Satellite, in the content upload functionality: insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...
CVSS 4.3 | EPSS 0.00197 | Exploits 0 | References 3

RedHat Linux, added 2026/06/17 4:18 p.m., 7 views
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...
CVSS 5.3 | AI score 5.3 | EPSS 0.00232 | Exploits 0 | References 7

NVD, added 2026/06/17 3:17 p.m., 9 views
CVE-2026-54810
Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1...
CVSS 7.5 | EPSS 0.00243 | Exploits 0 | References 1

NVD, added 2026/06/17 3:16 p.m., 11 views
CVE-2026-35066
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service...
CVSS 7.1 | EPSS 0.00183 | Exploits 0 | References 1

NVD, added 2026/06/17 3:16 p.m., 12 views
CVE-2026-35067
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access...
CVSS 8 | EPSS 0.0015 | Exploits 0 | References 1

NVD, added 2026/06/17 3:16 p.m., 11 views
CVE-2026-35162
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service...
CVSS 6.5 | EPSS 0.0021 | Exploits 0 | References 1

NVD, added 2026/06/17 3:16 p.m., 8 views
CVE-2026-12528
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...
CVSS 5.4 | EPSS 0.00226 | Exploits 0 | References 3

NVD, added 2026/06/17 3:16 p.m., 14 views
CVE-2026-22283
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVSS 7.5 | EPSS 0.00213 | Exploits 0 | References 1

NVD, added 2026/06/17 3:16 p.m., 11 views
CVE-2026-11311
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...
CVSS 8.6 | EPSS 0.0059 | Exploits 0 | References 1

OSV, added 2026/06/17 3:16 p.m., 5 views
UBUNTU-CVE-2026-12528
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...
CVSS 5.4 | AI score 5.8 | EPSS 0.00226 | Exploits 0 | References 6