Lucene search
K

10191 matches found

EUVD
EUVD
added 2026/06/25 6:10 p.m.5 views

EUVD-2026-39526

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into...

6AI score0.00172EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 9:38 p.m.24 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/24 5:41 p.m.6 views

GHSA-F637-W7P2-M7FX OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration

Summary The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not call auth.UserFromApiCall or checkDashboardAccess. When AuthRequireGuestsToLogin is enabled the...

3.7CVSS5.9AI score0.00328EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:41 p.m.9 views

EUVD-2026-36907

OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration...

3.7CVSS5.8AI score0.00328EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.4 views

CVE-2026-53022

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individu...

0.00172EPSS
Exploits0References7
CVE
CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53022

The CVE-2026-53022 issue affects the Linux kernel (platform/x86: dell-wmi-sysman). The vulnerability arises in populate_enum_data(), where firmware-provided value-modifier and possible-value strings are appended with raw strcat() into fixed 512-byte members, after per-source bounds checks, enabli...

5.8AI score0.00172EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57299

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

4.3CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.8 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.11 views

EUVD-2026-38780

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

5.9AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.20 views

CVE-2026-57299

CVE-2026-57299: Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read to enumerate the names of configured Contrast metadata. Public references (NVD, CVE lists, Alpine, EUVD, Att&CK entries, and the Jenkins security...

4.3CVSS5.9AI score0.00167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.15 views

CVE-2026-57293

CVE-2026-57293 affects the Jenkins Gitee Plugin (1288.v18b_deb_c9069b_ and earlier). The vulnerability is an incorrect permission check that lets an attacker with global Item/Configure permission, but without Item/Configure permission on any specific job, enumerate credentials IDs stored in Jenki...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.10 views

EUVD-2026-38768

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56337

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.existappv2 RPC function that allows unauthenticated attackers to enumerate appids by calling POST /rest/v1/rpc/existappv2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...

6.9CVSS0.00261EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 12:5 p.m.4 views

RLSA-2026:27842 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/24 12:5 p.m.14 views

memcached security update

An update is available for memcached. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...

8.1CVSS5.9AI score0.01312EPSS
Exploits0
OSV
OSV
added 2026/06/24 12:3 p.m.5 views

RLSA-2026:27862 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/24 12:3 p.m.9 views

memcached security update

An update is available for memcached. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...

8.1CVSS5.9AI score0.01312EPSS
Exploits0
Rows per page
Query Builder