Lucene search
K

313 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago12 views

Kibana 8.x < 8.19.15 / 9.x < 9.3.4 DoS (ESA-2026-49)

The version of Kibana installed on the remote host is 8.x prior to 8.19.15 or 9.x prior to 9.3.4. It is, therefore, affected by a denial of service vulnerability: - Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service. An authenticated user can...

6.5CVSS6.1AI score0.00251EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 7:36 a.m.13 views

CVE-2026-57252

CVE-2026-57252 affects Foxit PDF Editor/Reader when handling AcroForm operations during PDF loading—specifically during JavaScript-based page deletion and removal of attachment annotations. This triggers a use-after-free condition on invalid pointers within the attachment panel, causing the appli...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/06/30 10:8 p.m.18 views

CVE-2026-56286

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re‑authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF, or parameter tampering, leading to unauthorized...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/30 3:57 p.m.7 views

CVE-2026-58372 SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1CVSS5.9AI score0.00766EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52514

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...

7.3CVSS5.9AI score0.0027EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/22 12:17 p.m.32 views

CVE-2026-56424 Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS0.00361EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:17 p.m.5 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS5.9AI score0.00361EPSS
Exploits0References6
CVE
CVE
added 2026/06/22 12:17 p.m.18 views

CVE-2026-56424

CVE-2026-56424 affects MISP core and describes multiple broken access-control flaws where authorization checks target the wrong entity or where ownership checks are missing on write paths. In affected subsystems, a lower-privileged authenticated user with relevant feature permissions could cause ...

8.8CVSS5.9AI score0.00361EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/22 12:17 p.m.5 views

CVE-2026-56424 Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS6AI score0.00361EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/12 11:51 a.m.10 views

EUVD-2026-36412

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS5.2AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48859

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS5.3AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 6:27 p.m.18 views

CVE-2026-47163

Quest Bot prior to v1.0.1 allowed any guild member who can invoke slash commands to use /automod add, /automod remove, and /automod list due to missing Discord default permission and runtime moderator checks. An attacker could add a rule matching common text and cause the bot to delete other user...

7.2CVSS5.4AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the AutoMod deletion process not verifying the server to which the rules belong, potential...

8.3CVSS5.3AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.10 views

CVE-2026-53738

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from unauthorized backend users having access to write operations on the root directory of active files. This can lead to unauthorized moves,...

7.2CVSS5.4AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.5AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 3:23 p.m.45 views

CVE-2026-45682 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...

5.1CVSS0.00161EPSS
Exploits1References2
NVD
NVD
added 2026/05/28 8:16 p.m.15 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

7.3CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:33 p.m.7 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 7:33 p.m.11 views

EUVD-2026-33009

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder