Lucene search
K

1079 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51409

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description The software fails to filter deleted app versions when joining channels during the resolution of the '/updates' endpoint. This occurs due to a missing app versions.deleted filter in channel version...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 1:7 p.m.5 views

GHSA-6X8V-2FQ5-2229 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

Summary A flaw in the user lifecycle enforcement allowed deleted users to retain their original organization/tenant association. Recreating a deleted user under a distinct organization can cause the new user instance to be incorrectly provisioned within the original organization if the previous I...

2.3CVSS5.5AI score0.00286EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/18 1:7 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user provisioning process. An attacker can gain unauthorized access to user records across organizational boundaries by recreating a deleted user with the same identifier in a...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:7 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user provisioning process. An attacker can gain unauthorized access to user records across organizational boundaries by recreating a deleted user with the same identifier in a...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:7 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user provisioning process. An attacker can gain unauthorized access to user records across organizational boundaries by recreating a deleted user with the same identifier in a...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 7:51 a.m.2 views

OPENSUSE-SU-2026:21137-1 Security update for perl-Crypt-PasswdMD5

This update for perl-Crypt-PasswdMD5 fixes the following issues: Changes in perl-Crypt-PasswdMD5: - updated to 1.430.0 1.43 see /usr/share/doc/packages/perl-Crypt-PasswdMD5/Changelog.ini V 1.43 Date=2026-05-23T08:14:00 Deploy.Action=Upgrade Deploy.Reason=Security Comments= EOT - Accept pull reque...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50739

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...

2.3CVSS5.9AI score0.00286EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/17 9:57 p.m.26 views

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:25 p.m.11 views

EUVD-2026-36558

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.3AI score0.00213EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:8 p.m.12 views

GHSA-F34X-RX2W-7PM3 TYPO3 CMS has Broken Access Control in the Recycler Module

Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits...

5.3CVSS5.3AI score0.00238EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 8:8 p.m.14 views

EUVD-2026-35396

TYPO3 CMS has Broken Access Control in the Recycler Module...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-47176

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.26 views

PT-2026-48715

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.12 views

Devolutions Server < 2026.1.21.0 / 2026.2.4.0 < 2026.2.5.0 Multiple Vulnerabilities (DEVO-2026-0015)

The version of Devolutions Server installed on the remote host is prior to 2026.1.21.0 or 2026.2.4.0 prior to 2026.2.5.0. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in the built-in PAM provider password rotation templates in...

6.5CVSS6AI score0.00196EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-47349

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-10787

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server 2026.1.20.0 and earlier...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.17 views

CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:16 a.m.10 views

CVE-2026-47349

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:51 a.m.8 views

CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References3
Rows per page
Query Builder