
16094 matches found

Positive Technologies
added 2026/06/24 12:0 a.m. | 9 views

PT-2026-51702

Name of the Vulnerable Software and Affected Versions: Cornerstone WordPress plugin versions prior to 7.8.8. Description: The premium Cornerstone page builder, bundled with the X theme, fails to enforce capability checks on a CSS-preview request handler. Additionally, the nonce required to call this...

CVSS 7.7 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 7
Snyk
added 2026/06/23 9:24 p.m. | 6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the POJOPropertiesCollector.renameProperties and BeanDeserializerFactory.addBeanProps methods, which rename rather than drop a property whose getter carri...

CVSS 6.9 | AI score 6 | EPSS 0.00282
Exploits: 0 | References: 2
Snyk
added 2026/06/23 9:23 p.m. | 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...

CVSS 6.9 | AI score 5.8 | EPSS 0.00345
Exploits: 0 | References: 2
EUVD
added 2026/06/23 6:21 p.m. | 8 views

EUVD-2026-38570

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

CVSS 5.9 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 4
NVD
added 2026/06/23 5:17 p.m. | 10 views

CVE-2026-54305

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

CVSS 9.9 | EPSS 0.00343
Exploits: 0 | References: 1
CVE
added 2026/06/23 4:12 p.m. | 6 views

CVE-2025-13162

The vulnerability CVE-2025-13162 affects ABB Control Builder A and ABB 800xA for Advant Master (up to specified versions). It is an Uncontrolled Search Path Element issue. The available documents provide affected products and version ranges but do not include explicit root-cause details, exploit ...

CVSS 4.4 | AI score 5.8 | EPSS 0.00083
Exploits: 0 | References: 1
Cvelist
added 2026/06/23 4:8 p.m. | 32 views

CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

CVSS 8.8 | EPSS 0.00307
Exploits: 1 | References: 2
Cvelist
added 2026/06/23 3:52 p.m. | 31 views

CVE-2026-45732 n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

CVSS 8.3 | EPSS 0.00315
Exploits: 0 | References: 1
CVE
added 2026/06/23 3:45 p.m. | 16 views

CVE-2026-54305

CVE-2026-54305 affects n8n Enterprise instances using the Dynamic Credentials EE Endpoints. Prior to versions 1.123.55, 2.25.7, and 2.26.2, three Dynamic Credentials endpoints accepted any authenticated session without per-resource ownership or scope checks on the target workflow or credential. A...

CVSS 9.9 | AI score 6 | EPSS 0.00343
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/23 3:45 p.m. | 33 views

CVE-2026-54305 n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

CVSS 8.9 | EPSS 0.00343
Exploits: 0 | References: 1
OSV
added 2026/06/23 12:59 p.m. | 4 views

JLSEC-2026-624 HTTP/2 client HPACK desynchronization via header blocks for unknown streams in HTTP.jl

Description: The HTTP/2 client's processincomingframe! dropped HEADERS/CONTINUATION frames for stream ids absent from conn.streams without passing the header block through the connection's HPACK decoder. Because HPACK's dynamic table is connection-scoped and mutated as a side effect of decoding ea...

AI score 5.9
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/23 12:0 a.m. | 14 views

PT-2026-51562

Name of the Vulnerable Software and Affected Versions: dhcpcd versions prior to 10.3.3. Description: A heap use-after-free issue exists where unauthenticated attackers on the same link can crash the daemon. This occurs when a crafted DHCPv6 RENEW reply is sent containing an RFC6603 OPTION PD EXCLUDE...

CVSS 6.5 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/23 12:0 a.m. | 11 views

PT-2026-51563

Name of the Vulnerable Software and Affected Versions: dhcpcd versions prior to 10.3.2. Description: A one-byte stack out-of-bounds write exists in the dhcp6 makemessage function within src/dhcp6.c. Unauthenticated attackers on the same link can trigger this by serializing an oversized RFC6603 OPTIO...

CVSS 6.5 | AI score 5.9 | EPSS 0.00175
Exploits: 0 | References: 4
CVE
added 2026/06/23 12:0 a.m. | 6 views

CVE-2026-39253

CVE-2026-39253 affects Pivotal CRM v6.6.04.08. The vulnerability enables a remote attacker to execute arbitrary code via the components Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll, caused by insecure deserialization (CWE-502). The CVSSv3.1 base score is 8.1 (HIGH) w...

CVSS 8.1 | AI score 6.3 | EPSS 0.00805
Exploits: 0 | References: 2
Snyk
added 2026/06/22 11:20 p.m. | 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: @budibase/server is a Budibase Web Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the externalTrigger process. An attacker can gain unauthorized access to another workspace's database and execu...

CVSS 9.6 | AI score 6 | EPSS 0.00461
Exploits: 1 | References: 2
Cvelist
added 2026/06/22 9:12 p.m. | 23 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref reader) and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

CVSS 6.3 | EPSS 0.00231
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/22 9:12 p.m. | 5 views

CVE-2026-48513

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref reader) and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

CVSS 7.5 | AI score 5.9 | EPSS 0.00231
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/06/22 9:12 p.m. | 15 views

CVE-2026-48513

CVE-2026-48513 (MessagePack-CSharp) affects the MessagePack serializer for C#. The vulnerability arises in runtime-generated union deserializers created by DynamicUnionResolver, which did not call DepthStep(ref reader) or decrement reader.Depth during recursive deserialization and skip paths. As ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00231
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/06/22 9:4 p.m. | 6 views

EUVD-2026-38376

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with...

CVSS 9.1 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 2
CVE
added 2026/06/22 9:4 p.m. | 38 views

CVE-2026-56348

CVE-2026-56348 affects n8n prior to 2.20.0. A vulnerability in POST /rest/dynamic-node-parameters/options allows an authenticated user to bypass Allowed HTTP Request Domains restrictions, enabling the server to issue HTTP requests with credentials to unauthorized hosts. This can lead to credentia...

CVSS 9.9 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 2 | Affected Software: 1