Lucene search
+L

269 matches found

nvd
nvd
added 2026/07/03 9:16 p.m.5 views

CVE-2026-27761

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS0.00367EPSS
Exploits0References4
euvd
euvd
added 2026/07/03 12:31 a.m.10 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
cve
cve
added 2026/06/26 8:3 p.m.16 views

CVE-2026-55188

RustFS’s ListRemoteTargetHandler in versions 1.0.0-alpha.1 through 1.0.0-beta.8 contains an authorization bypass that only checks for credentials and neglects to verify replication or admin permissions. This allows an authenticated user without bucket/admin rights to list remote replication targe...

8.2CVSS5.8AI score0.00181EPSS
Exploits0References1
cve
cve
added 2026/06/25 11:27 p.m.21 views

CVE-2026-9221

CVE-2026-9221 affects Setracker2 Android Companion App (com.tgelec.setracker)

8.7CVSS5.9AI score0.00161EPSS
Exploits0References1
redos
redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0014

The vulnerability of the Audio/Video components in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.5CVSS6.2AI score0.00323EPSS
Exploits0
nessus
nessus
added 2026/06/19 12:0 a.m.8 views

Lexmark Printers Cross-site Scripting (CVE-2019-18791)

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser. This plugin only works with Tenable.ot. Please visit...

5.4CVSS6.1AI score0.00527EPSS
Exploits0References5
osv
osv
added 2026/06/18 1:52 p.m.4 views

GHSA-VMF9-XX9W-86WX PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools

PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools Summary praisonaiagents.mcp.ToolsMCPServer.runsse builds a Starlette MCP HTTP+SSE server around mcp.server.sse.SseServerTransport. The server exposes /sse and /messages/, but it does not valida...

8.3CVSS5.6AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.12 views

PT-2026-49331

Name of the Vulnerable Software and Affected Versions grocy version 4.6.0 Description SQL injection occurs at the '/stockreports/spendings' endpoint through the product-group parameter. This allows attackers to access sensitive database information by using a crafted SQL statement. SQL injection ...

9.8CVSS5.9AI score0.00321EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.10 views

CVE-2026-44895

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS5.5AI score0.00392EPSS
Exploits0References1
nvd
nvd
added 2026/06/01 11:16 p.m.22 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

4.3CVSS0.00142EPSS
Exploits0References1
nvd
nvd
added 2026/05/30 4:16 p.m.19 views

CVE-2018-25405

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS0.0027EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/25 12:0 a.m.12 views

Joomla! Responsive Portfolio SQL注入漏洞

Joomla! Responsive Portfolio is a Joomla! open source Joomla website portfolio extension. A SQL injection vulnerability exists in Joomla! Responsive Portfolio version 1.6.1, which stems from SQL injection of multiple filter parameters, which could lead to an authenticated attacker injecting...

7.1CVSS5.9AI score0.00284EPSS
Exploits0References4
osv
osv
added 2026/05/21 8:59 p.m.2 views

CVE-2026-8236 Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate for endpoint /ccm/system/dialogs/file/usage/{fID}

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References4
nvd
nvd
added 2026/05/20 4:16 p.m.17 views

CVE-2026-8598

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

9.1CVSS0.00507EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/20 2:53 p.m.11 views

CVE-2026-8598

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

9.1CVSS5.8AI score0.00507EPSS
Exploits0References4
osv
osv
added 2026/05/20 9:46 a.m.9 views

MAL-2026-4676 Malicious code in svharness (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3aef9a7535c16df930fdb10e5b60773f5ba2e0a8cd102d53a4cc3da122cfd473 When the documented svharness build --baseline or svharness wizard command is run, the tool's default 'tasks' wiki mode scans and bundles the caller'...

5.8AI score
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Consul

HashiCorp Consul and Consul Enterprise 1.10.1: The TXN.Apply endpoint allows for the registration of proxies for other services, enabling access to service traffic. This feature was fixed in versions 1.8.15, 1.9.9, and 1.10.2...

6.5CVSS6.8AI score0.01523EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.13 views

PT-2026-42207

Name of the Vulnerable Software and Affected Versions Algernon versions prior to 1.17.7 Description On Linux and macOS, the SSE event server binds to 0.0.0.0:5553 by default, making it accessible to any peer on the same local area network LAN. This occurs because the platform-dependent host defau...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References6
hackerone
hackerone
added 2026/05/14 2:27 a.m.44 views

Rocket.Chat: Autotranslate DDP Method Exposes Private Messages Without Authentication or Room Access Check

Vulnerability description not provided...

7.5CVSS5.8AI score0.00283EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/05/12 7:45 a.m.10 views

CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References2
Rows per page
Query Builder