Lucene search
K

316 matches found

OSV
OSV
added 2026/05/26 1:30 p.m.4 views

GHSA-VR35-JM2F-8WG2 Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

4.9CVSS5.7AI score0.00436EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/25 5:37 p.m.100 views

Exploit for CVE-2012-1803

CVE-2012-1803 Critical vulnerability in Siemens Rugge...

8.5CVSS5.8AI score0.49114EPSS
Exploits8
Snyk
Snyk
added 2026/05/25 4:59 p.m.8 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in JexlContextBuilder. An administrator user with entitlements for Derived Schemas and User read can access other users' passwordHistory, securityAnswer, token, tokenExpireTime, and cipherAlgorithm values via...

5.1CVSS5.8AI score0.00436EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/25 3:0 p.m.14 views

EUVD-2026-31702

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

5.8AI score0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 3:0 p.m.13 views

CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

5.8AI score0.00436EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.18 views

PT-2026-43079

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL Java Expression Language...

4.9CVSS5.8AI score0.00436EPSS
Exploits0References7
CVE
CVE
added 2026/05/21 9:48 p.m.31 views

CVE-2026-4929

The CVE concerns Simple Hierarchical Select (SHS) for Drupal 7, where cross-site scripting is possible due to improper output escaping of term-derived text. Affected code paths include field formatter output (shs_field_formatter_view) and term-tree child-term data generation (shs_term_get_childre...

5.4CVSS5.6AI score0.00205EPSS
Exploits1References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 have an issue where the fixfieldsifneeded function under mysqlderivedprepare is called when the derived table is not yet prepared,...

4.9CVSS5.7AI score0.00396EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/15 6:17 p.m.16 views

AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin

Summary Type: Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint plugin/Meet/uploadRecordedVideo.json.php authenticates the caller using a single shared Authorization: Bearer against $objM-secret. Once that check passes, the endpoint reads the...

5.9AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 5:5 p.m.44 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 5:5 p.m.13 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:17 a.m.37 views

CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

5.3CVSS0.00344EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/08 3:17 a.m.8 views

CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

5.3CVSS5.8AI score0.00344EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-38292

Name of the Vulnerable Software and Affected Versions Micronaut Framework versions 4.3.0 through 4.10.21 Description An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...

7.5CVSS5.9AI score0.00405EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/05 7:35 p.m.9 views

Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/05 7:35 p.m.12 views

GHSA-2CWR-GCF9-PVXR Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/24 8:33 p.m.7 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.2AI score0.00102EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 7:59 p.m.8 views

GHSA-JM34-66CF-QPVR Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...

5.3CVSS5.9AI score0.00344EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/22 7:59 p.m.8 views

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...

5.3CVSS5.9AI score0.00344EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/04/14 4:4 a.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References2
Rows per page
Query Builder