Lucene search
K

277 matches found

Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56236

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.1.21 Description A server-side request forgery SSRF issue exists in the serverRequest wrapper. This allows authenticated administrators to execute arbitrary outbound HTTP requests by providing malicious URLs to...

5.5CVSS6.3AI score0.002EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2026/07/02 6:30 p.m.20 views

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 CVE-2025-5777 vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and...

9.3CVSS7.5AI score0.9987EPSS
Exploits18
NVD
NVD
added 2026/07/02 5:16 p.m.11 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51815

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A cross-site request forgery CSRF flaw allows attackers to force the application to connect to an attacker-specified URL using a username and password also specified by the attacker. CS...

5.4CVSS5.7AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 5:17 p.m.9 views

CVE-2026-54307

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

9.6CVSS0.00315EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:47 p.m.7 views

CVE-2026-54307

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

8.5CVSS5.7AI score0.00315EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/18 5:33 p.m.106 views

CVE-2026-54390

Technical details are not publicly available in the provided documents. Monitor for updates from the connected sources.

9.8CVSS5.8AI score0.00333EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50173

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An open source workflow automation platform contains an issue where a member-level user with editor access to a shared workflow can reference...

9.6CVSS5.9AI score0.00315EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.3AI score0.00431EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.9 views

axios: Axios: HTTP Transport Hijacking via Prototype Pollution

A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HT...

7.4CVSS5.7AI score0.00808EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

CodexBar 安全漏洞

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the handling of insecure temporary files during the publication of workflows, which could allow...

7.2CVSS5.3AI score0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 8:39 a.m.36 views

CVE-2025-14713

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server...

7.5CVSS0.00475EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Synology C2 Identity Edge Server 安全漏洞

The Synology C2 Identity Edge Server is an edge identity authentication and access management server provided by the Chinese company Synology. There was a security vulnerability in the Synology C2 Identity Edge Server package in versions prior to DSM 1.76.0-0307. This vulnerability stemmed from...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.10 views

PT-2026-43586

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Docker Desktop 安全漏洞

Docker Desktop is a desktop software by the American company Docker, based on container technology, designed for lightweight application deployment. This product provides a desktop environment that allows creating containers lightweight virtual machines on Linux/Windows/Mac OS systems, as well as...

8.8CVSS7.3AI score0.00211EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 7:45 p.m.9 views

Malicious code in qontract-reconcile (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bee34269c7f3aae4181b856b9b73a57abf59acc94d076d51b4fb6c14b8fc5508 This release of qontract-reconcile uses uv's tool.uv.dependency-metadata mechanism in pyproject.toml to override the pagerduty package's declared...

5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.10 views

Apache Polaris has an Improper Input Validation issue

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/04 6:26 p.m.11 views

Expression Language Injection

Overview org.apache.polaris:polaris-core is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this package are...

9.9CVSS5.8AI score0.00431EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:37 p.m.8 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 9:22 p.m.15 views

Missing Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Missing Authorization via the dynamic-node-parameters endpoints. An attacker can access and exfiltrate sensitive credentials belonging to other users by supplying a foreign credential ID in the...

9.1CVSS5.9AI score0.0026EPSS
Exploits0References2
Rows per page
Query Builder