Lucene search
K

78 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 8:15 p.m.5 views

CVE-2026-47383

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS5.9AI score0.00288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 8:15 p.m.33 views

CVE-2026-47383 NocoDB: Stored Cross-Site Scripting via Row Comments

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS0.00288EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Thunderbird, Firefox

Permission prompts for opening external schemes were only displayed for ContentPrincipals, allowing extensions to open them without user interaction through ExpandedPrincipals. This could lead to further malicious actions, such as downloading files or interacting with software already installed o...

8.8CVSS7.6AI score0.00681EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:28 p.m.14 views

EUVD-2026-32590

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign...

9CVSS5.2AI score0.00292EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 6:28 p.m.12 views

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Summary /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders builder.apps set but builder.global unset. The controller th...

9CVSS5.4AI score0.00292EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-47081

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description An authenticated commenter can store HTML in row comments that executes as a script when other users hover over the comment in the expanded form view. This occurs because comment write paths persi...

7.4CVSS5.9AI score0.00288EPSS
Exploits0References8
Microsoft Secure
Microsoft Secure
added 2026/06/04 7:14 p.m.18 views

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

In this article 1. Why the Taxonomy Needed Updating 2. Seven new failure modes 3. Operational findings: What red teaming showed 4. New mitigations 5. What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic AI Systems in April 2025, the goal was a...

8.8CVSS5.8AI score0.08016EPSS
Exploits5
NVD
NVD
added 2026/05/27 6:16 p.m.20 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:58 p.m.9 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.8AI score0.00292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/27 4:58 p.m.46 views

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS0.00292EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/02 7:9 a.m.3 views

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with...

5.9AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/03/25 10:31 a.m.7 views

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...

8.7CVSS5.8AI score0.0089EPSS
Exploits1References22
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 3:44 p.m.8 views

Malicious code in env-expanded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3b59507cce21e48b0df323a7a5cedf303427c72c2118fdc15702c813174cfa8 The package env-expanded was found to contain malicious code...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/24 3:44 p.m.5 views

MAL-2026-2360 Malicious code in env-expanded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3b59507cce21e48b0df323a7a5cedf303427c72c2118fdc15702c813174cfa8 The package env-expanded was found to contain malicious code...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/10 4:21 p.m.8 views

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Artificial Intelligence AI is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" f...

5.9AI score
Exploits0
NVD
NVD
added 2026/02/10 6:16 p.m.7 views

CVE-2026-25805

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...

8CVSS0.00239EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/21 4:51 a.m.2 views

Malicious Package

Overview dotenv-expanded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/21 4:51 a.m.10 views

Malicious code in dotenv-expanded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf The package dotenv-expanded was found to contain malicious code. Source: ghsa-malware 8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d...

5.5AI score
Exploits0References1
EUVD
EUVD
added 2026/01/21 4:51 a.m.8 views

EUVD-2026-3715

Malicious code in dotenv-expanded npm...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:51 a.m.4 views

MAL-2026-415 Malicious code in dotenv-expanded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf The package dotenv-expanded was found to contain malicious code. Source: ghsa-malware 8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d...

5.5AI score
Exploits0References1
Rows per page
Query Builder