Lucene search
K

73 matches found

Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56245

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56252

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated user capable of creating or modifying chart definitions, or submitting chart data requests containing quota filters, can inject SQL into queries executed against configured...

8.7CVSS6.1AI score0.00266EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52313

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter module where the nft exthdr init function passes a user-controlled priv-len variable to nft parse register store, which marks a specific number of bytes ...

5.5CVSS6AI score0.00128EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40904

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.4AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:48 p.m.9 views

CVE-2026-44573

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...

7.5CVSS5.8AI score0.00592EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/11 4:12 p.m.8 views

GHSA-3G8H-86W9-WVMQ Next.js's Middleware / Proxy redirects can be cache-poisoned

Impact Next.js uses the x-nextjs-data request header for internal data requests. On affected versions, an external client could send this header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data...

3.7CVSS5.8AI score0.00195EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/30 6:20 p.m.3 views

CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.3AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 6:20 p.m.6 views

EUVD-2026-26411

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.3AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 6:20 p.m.3 views

CVE-2026-40904

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.3AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.10 views

PT-2026-36164

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.4AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:20 p.m.4 views

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.7CVSS6.1AI score0.00447EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2026/02/24 11:22 p.m.3 views

Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files

The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data...

5.4AI score
Exploits0
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.11 views

FastGPT 跨站请求伪造漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.7 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the fact that the web scraping node and HTTP nodes...

6.9CVSS5.8AI score0.00101EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.4 views

CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

8.7CVSS5.9AI score0.00456EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000909)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000909 advisory. Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat...

5.8CVSS7.1AI score0.03181EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002399)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002399 advisory. Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat...

5.8CVSS7.1AI score0.03181EPSS
Exploits0References21
NVD
NVD
added 2025/12/26 5:16 a.m.5 views

CVE-2025-8075

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

5.8CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 9:28 a.m.12 views

CVE-2025-11230 Denial of service vulnerability in HAProxy mjson library

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

7.5CVSS0.00479EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/06/09 6:15 a.m.3 views

CVE-2025-47711

There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error,...

6.5CVSS6.3AI score0.00361EPSS
Exploits0References4Affected Software5
Veracode
Veracode
added 2025/01/24 4:34 a.m.7 views

Unbounded Disk Consumption

github.com/t2bot/matrix-media-repo is vulnerable to Unbounded Disk Consumption. The vulnerability is MMR's lack of proper rate limiting and controls on the amount of data that can be requested and cached, allowing unauthenticated users to request excessive amounts of remote media files...

7.5CVSS6.8AI score0.00675EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder