
9204 matches found

CVE
added 2026/04/15 6:26 p.m., 17 views

CVE-2026-39845

Weblate (web-based localization tool) has a vulnerability in versions prior to 5.17 where the webhook add-on did not apply SSRF protections. The root cause is exposure via the webhook add-on’s fetch_url() path, enabling potential SSRF risks as described in the CVE entry. The issue is fixed in ver...

CVSS 4.1, AI score 5.7, EPSS 0.00275
Exploits: 0, References: 2, Affected software: 1
Snyk
added 2026/04/15 6:24 p.m., 6 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

CVSS 9.1, AI score 5.7, EPSS 0.00224
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/15 6:03 p.m., 4 views

CVE-2026-33220

Weblate is a web-based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

CVSS 6.8, AI score 5.8, EPSS 0.00323
Exploits: 0, References: 3, Affected software: 1
Positive Technologies
added 2026/04/15 12:00 a.m., 5 views

PT-2026-33115

Weblate is a web-based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

CVSS 6.8, AI score 5.8, EPSS 0.00323
Exploits: 0, References: 4
Hewlett-Packard
added 2026/04/15 12:00 a.m., 8 views

Certain HP DeskJet All In One (AIO) Devices – Potential Remote Code Execution & Potential Buffer Overflow

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. As a temporary mitigation measure for the buffer overflow vulnerability,...

CVSS 8.7, AI score 6.6, EPSS 0.00301
Exploits: 0
Vulnrichment
added 2026/04/14 10:25 p.m., 2 views

CVE-2026-35032 Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner

Jellyfin is an open-source, self-hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery (SSRF) via HTTP...

CVSS 8.6, AI score 5.8, EPSS 0.00312
Exploits: 1, References: 2
EUVD
added 2026/04/14 10:25 p.m., 5 views

EUVD-2026-22766

Jellyfin is an open-source, self-hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery (SSRF) via HTTP...

CVSS 8.6, AI score 5.8, EPSS 0.00312
Exploits: 1, References: 2
Github Security Blog
added 2026/04/14 10:22 p.m., 12 views

Decidim amendments can be accepted or rejected by anyone

Impact: The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

CVSS 7.5, AI score 5.8, EPSS 0.00223
Exploits: 0, References: 5, Affected software: 1
EUVD
added 2026/04/14 8:02 p.m., 5 views

EUVD-2026-22357

October Rain has a Twig Sandbox Bypass via Collection Methods...

CVSS 4.9, AI score 5.8, EPSS 0.00395
Exploits: 2, References: 2
Snyk
added 2026/04/14 8:02 p.m., 3 views

Protection Mechanism Failure

Overview: Affected versions of this package are vulnerable to Protection Mechanism Failure in the collect process. An attacker can gain unauthorized access to restricted template functionality by leveraging insufficient sandbox restrictions when authenticated with backend access and template editi...

CVSS 6.9, AI score 5.7, EPSS 0.00395
Exploits: 2, References: 3
CVE
added 2026/04/14 2:10 p.m., 10 views

CVE-2026-4913

CVE-2026-4913 involves Ivanti N-ITSM prior to 2025.4, where an improper protection of an alternate path could let a remote authenticated attacker retain access even after their account is disabled. The CVSS 3.1 base metrics reflect a Network attack vector with low attack complexity and required p...

CVSS 5.7, AI score 5.8, EPSS 0.00586
Exploits: 0, References: 1
NVD
added 2026/04/14 3:16 a.m., 5 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8, EPSS 0.00739
Exploits: 0, References: 1
Vulnrichment
added 2026/04/14 1:49 a.m., 3 views

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8, AI score 6.4, EPSS 0.00739
Exploits: 0, References: 1
EUVD
added 2026/04/14 1:49 a.m., 2 views

EUVD-2026-22203

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8, AI score 6.4, EPSS 0.00739
Exploits: 0, References: 1
Cvelist
added 2026/04/14 1:49 a.m., 25 views

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8, EPSS 0.00739
Exploits: 0, References: 1
OSV
added 2026/04/14 1:07 a.m., 7 views

GHSA-9PM8-VWC5-W2HM Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

Impact: Authenticated users can delete emails imported into the system assigned to another user, where the Email Dropbox is in use. Patches: Fixed in v0.26.0. Workarounds: Disable use of email dropbox...

CVSS 2.1, AI score 5.8
Exploits: 0, References: 2
Positive Technologies
added 2026/04/14 12:00 a.m., 6 views

PT-2026-33228

Impact: The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

CVSS 7.5, AI score 5.8, EPSS 0.00223
Exploits: 0, References: 5
CNNVD
added 2026/04/14 12:00 a.m., 5 views

Ivanti Neurons for ITSM Security Vulnerability

Ivanti Neurons for ITSM is a reliable and powerful IT service management solution from the American company Ivanti. Versions of Ivanti Neurons for ITSM prior to 2025.4 contained security vulnerabilities. These vulnerabilities stemmed from improper protection of alternative paths, which could allo...

CVSS 5.7, AI score 5.8, EPSS 0.00586
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:00 a.m., 6 views

PT-2026-32647

Name of the Vulnerable Software and Affected Versions: Ivanti N-ITSM versions prior to 2025.4. Description: Improper protection of an alternate path allows a remote authenticated attacker to retain access to the system even after their account has been disabled. Recommendations: Update to version...

CVSS 5.7, AI score 5.7, EPSS 0.00586
Exploits: 0, References: 6
EUVD
added 2026/04/13 9:31 a.m., 3 views

EUVD-2026-21895

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...

CVSS 6.7, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 2