Lucene search
K

442 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-61442

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-55475 Snipe-IT: Import created_by can be overwritten

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the createdby value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS0.00192EPSS
Exploits0References4
CVE
CVE
added 6 days ago12 views

CVE-2026-55475

Snipe-IT prior to version 8.6.1 is vulnerable via the Importer API endpoint where a user with CSV import capabilities and a valid API key can overwrite the created_by value of an import file, enabling unauthorized modification of import ownership metadata. The issue is fixed in version 8.6.1. Thi...

5.7CVSS6.1AI score0.00192EPSS
Exploits0References4Affected Software1
Circl
Circl
added 2026/06/30 9:59 a.m.13 views

EDB-48857

creationtimestamp| type| source ---|---|--- 2026-06-30 09:59:35+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/08fec6cd-60db-48e0-adee-f94db4ca16e6...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/06/30 9:23 a.m.28 views

EDB-28713

creationtimestamp| type| source ---|---|--- 2026-06-30 09:23:42+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/929c0d80-34e5-4a6d-9986-b1e2d37eaa30...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/06/20 2:1 a.m.10 views

CVE-2026-54920

creationtimestamp| type| source ---|---|--- 2026-06-20 02:01:08+00:00| seen| https://bsky.app/profile/slackers.it/post/3moor6754ks2n...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/12 11:54 a.m.2 views

CVE-2026-49347 Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS5.9AI score0.00235EPSS
Exploits0References4
Circl
Circl
added 2026/06/10 7:3 p.m.15 views

CVE-2026-0268

creationtimestamp| type| source ---|---|--- 2026-06-10 19:03:28+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3mnxfn3qd3i2w 2026-06-10 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1917 2026-06-10 23:32:18+00:00| seen|...

6.9CVSS7AI score0.00095EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.13 views

CVE-2026-8267

A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smfnsmfhandlecreateddatainvsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of...

6.5CVSS5.1AI score0.00372EPSS
Exploits1References1
NVD
NVD
added 2026/06/03 6:16 p.m.10 views

CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

5.5CVSS0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/03 3:49 p.m.46 views

CVE-2026-46248 wifi: ath12k: clear stale link mapping of ahvif->links_map

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:49 p.m.13 views

CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

5.7AI score0.00121EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-46248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif i...

5.5CVSS6.2AI score0.00121EPSS
Exploits0References3
Circl
Circl
added 2026/05/27 5:32 p.m.11 views

CVE-2026-40914

creationtimestamp| type| source ---|---|--- 2026-05-27 17:32:33+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mmtzzmt3ah2e 2026-05-29 11:39:38+00:00| seen| https://bsky.app/profile/cybersecinsight.bsky.social/post/3mmyhafj65s2p...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:40 a.m.7 views

CVE-2026-6345

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/16 3:25 p.m.16 views

CVE-2020-37240

CVE-2020-37240 affects Queue Management System 4.0.0 with a stored XSS flaw in the Add User workflow. Authenticated administrators can inject JavaScript via First Name, Last Name, or Email during user creation, with payloads executing on the User List page. CVSS-4.0 vector yields 5.1 (MEDIUM), an...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 2:57 p.m.7 views

GHSA-HP26-Q66V-Q2W7 FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

7.6CVSS5.9AI score0.00274EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/14 2:57 p.m.16 views

FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

9.6CVSS5.9AI score0.00274EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:54 p.m.45 views

FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...

8.1CVSS5.7AI score0.00268EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/05/14 2:52 p.m.16 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/v1/variables endpoint. A user can modify internal attributes such as workspaceId, createdDate, and updatedDate by...

7.6CVSS5.8AI score0.00254EPSS
Exploits1References3
Rows per page
Query Builder