Lucene search
K

18053 matches found

EUVD
EUVD
added 2026/07/04 12:49 p.m.8 views

EUVD-2025-210427

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/07/04 9:16 a.m.8 views

CVE-2026-14621

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS0.00299EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 8:15 a.m.10 views

EUVD-2026-41660

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.13 views

PT-2026-55701

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.6 views

CVE-2026-56646

Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.9AI score0.00651EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.5 views

CVE-2026-24451

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

5.9AI score0.00482EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 8:19 p.m.20 views

CVE-2026-24451

Gitea 1.26.2 has an information exposure vulnerability where fork synchronization continues after the parent repo switches from public to private, allowing a fork to access data it should not be authorized to see. Connected sources identify this as affecting Gitea components through the fork sync...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.38 views

CVE-2026-24451 Gitea fork synchronization can expose private parent repository data

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

0.00482EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.5 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.9AI score0.00651EPSS
Exploits0
NVD
NVD
added 2026/07/03 1:17 p.m.5 views

CVE-2026-46467

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS0.00085EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/07/03 6:18 a.m.6 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55590

Name of the Vulnerable Software and Affected Versions Gitea version 1.26.2 Description Fork synchronization continues even after a parent repository is changed from public to private. This behavior allows a fork to maintain access and synchronize data from a repository that should no longer be...

7.5CVSS7AI score0.00482EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55642

Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An issue in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. Recommendations At the moment, there is no...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55531

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

5.8CVSS5.9AI score0.00085EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

HCL Traveler for Microsoft Outlook < 3.0.15 Sensitive Data Exposure (CVE-2025-59868)

The version of HCL Traveler for Microsoft Outlook installed on the remote Windows host is prior to 3.0.15. It is, therefore, affected by a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown...

5.5CVSS6AI score0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55643

Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An issue in Microsoft Edge for Android allows an unauthorized actor to disclose private personal information over a network. Recommendations At the moment, there is no...

7.1CVSS5.8AI score0.00309EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59098

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS0.00238EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:42 p.m.9 views

CVE-2026-59098

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:5 p.m.9 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS6.2AI score0.00564EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 2:3 p.m.6 views

EUVD-2026-41375

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References1
Rows per page
Query Builder