Lucene search
K

1079 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-55670

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-55670 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
CVE
CVE
added 5 days ago14 views

CVE-2026-55670

ZITADEL (open source identity management) prior to v4.15.2 is affected by a cross-tenant leakage in the event store validation: when a user is deleted, the original resource owner may remain associated with the deleted user’s ID and, if a new user is recreated in another organization with the sam...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References4
OSV
OSV
added 5 days ago3 views

CVE-2026-55670 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 7:36 a.m.7 views

EUVD-2026-42187

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56330

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Embedded JavaScript within a PDF can delete pages, rendering the object invalid. The application crashes when it attempts a write operation on these invalid pop-...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References6
CERT
CERT
added 2026/07/08 12:0 a.m.5 views

Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls

Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...

7.5CVSS5.9AI score0.00303EPSS
Exploits0
OSV
OSV
added 2026/07/02 8:32 p.m.5 views

GHSA-RXRH-4J9H-XGG9 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Summary When MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors library writes those credentials to temporary files in Path.GetTempPath using File.CreateText. On Linux, File.CreateText creates files with mode 0644 world-readable under the process...

4.7CVSS5.8AI score0.00065EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 4:16 p.m.5 views

UBUNTU-CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS6.1AI score0.00413EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/01 2:54 p.m.8 views

CVE-2026-58033 "Total number of distinct authors" statistic at action=info does not exclude revisions where the author name was deleted

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 2:54 p.m.33 views

CVE-2026-58033 "Total number of distinct authors" statistic at action=info does not exclude revisions where the author name was deleted

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS0.00413EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/01 2:54 p.m.5 views

CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS5.8AI score0.00413EPSS
Exploits0
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5674 OpenBao's Namespace Deletion May Not Delete Data Properly in github.com/openbao/openbao

OpenBao's Namespace Deletion May Not Delete Data Properly in github.com/openbao/openbao...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:26 p.m.5 views

GO-2026-5085 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.5 views

CVE-2026-56314

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2026-38371

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 9:4 p.m.3 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS6AI score0.00302EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.20 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

7.1CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.12 views

CVE-2026-56314

Capgo before 12.128.12 has a flaw in /updates resolution: it does not filter deleted app versions when joining channels, so deleted bundles may remain selectable. This enables attackers to continue deploying deleted bundles to devices via channel version joins due to missing app_versions.deleted ...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
Rows per page
Query Builder