Lucene search
+L

7657 matches found

cgr
cgr
added last week8 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: external-secrets-operator-fips, buildah, karpenter-fips, kots, rclone-fips, argo-cd-fips, frankenphp-8.3, ocm-cli, flux, gitlab-workhorse-ce, knative-eventing-fips, timestamp-authority-fips, opentelemetry-collector-k8s, azurefile-csi-fips, grype-fips, opentofu, dapr,...

6.1AI score
Exploits0
wolfi
wolfi
added last week7 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: victoriametrics, pgpool2exporter, kubelet-csr-approver, mountpoint-s3-csi-driver, kubevela, spicedb, local-static-provisioner, sealed-secrets, q, blob-csi, dive, cloudnative-pg, infinispan-operator, prometheus-operator, amass, kube-vip, azuredisk-csi, delve,...

6.1AI score
Exploits0
cvelist
cvelist
added last week32 views

CVE-2026-15188 manjurulhoque django-job-portal Employee Dashboard Endpoint views.py EditEmployeeProfileAPIView access control

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS0.00209EPSS
Exploits0References6
euvd
euvd
added last week7 views

EUVD-2026-42606

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
cve
cve
added last week8 views

CVE-2026-15188

The CVE affects manjurulhoque django-job-portal (up to commit dfa352f305bba44445ac5dc12e9b2a98c9dcd71f). The vulnerability resides in EditEmployeeProfileAPIView (accounts/api/views.py) of the Employee Dashboard Endpoint, where manipulating the role argument leads to improper access controls. An a...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/09 12:29 p.m.30 views

CVE-2026-12593 Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS0.00281EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 12:29 p.m.7 views

EUVD-2026-42589

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS6.4AI score0.00281EPSS
Exploits0References1
cve
cve
added 2026/07/09 12:29 p.m.13 views

CVE-2026-12593

The CVE concerns Axivion Dashboard’s OIDC/OAuth2/SSO subsystem. An internal, undocumented API endpoint (POST /api/users/~/{user}/tokens) did not enforce sufficient permissions when creating an API token for another user. Preconditions include an internal user with higher privileges, knowledge of ...

8.7CVSS6.4AI score0.00281EPSS
Exploits0References1
github
github
added 2026/07/08 9:12 p.m.8 views

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/07/08 2:16 p.m.8 views

CVE-2026-15034

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS0.00222EPSS
Exploits0References9
cvelist
cvelist
added 2026/07/08 1:30 p.m.29 views

CVE-2026-15034 flask-dashboard Flask-MonitoringDashboard cross-site request forgery

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS0.00222EPSS
Exploits0References9
cve
cve
added 2026/07/08 1:30 p.m.12 views

CVE-2026-15034

CVE-2026-15034 affects the Flask-MonitoringDashboard component of the Flask-dashboard project up to version 5.0.2. The issue is described as a cross-site request forgery (CSRF) affecting an unknown functionality, with the attack potentially executable remotely. Public exploit information is indic...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
euvd
euvd
added 2026/07/08 1:30 p.m.5 views

EUVD-2026-42238

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
osv
osv
added 2026/07/08 1:30 p.m.3 views

CVE-2026-15034 flask-dashboard Flask-MonitoringDashboard cross-site request forgery

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References11
nvd
nvd
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:37 a.m.6 views

EUVD-2026-42109

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References2
osv
osv
added 2026/07/08 12:29 a.m.9 views

CVE-2026-55437 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS6AI score0.00316EPSS
Exploits0References8
nvd
nvd
added 2026/07/07 10:16 p.m.8 views

CVE-2026-28378

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS0.00136EPSS
Exploits0References1
osv
osv
added 2026/07/07 9:8 p.m.4 views

CVE-2026-28378 Cross-Organization Public Dashboard Deletion via Missing Org Isolation

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS6.1AI score0.00136EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/07/07 9:8 p.m.3 views

CVE-2026-28378 Cross-Organization Public Dashboard Deletion via Missing Org Isolation

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References1
Rows per page
Query Builder