Lucene search
K

98 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-55884

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can...

9.2CVSS0.00397EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:2 p.m.5 views

CVE-2026-55417

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS6AI score0.00249EPSS
Exploits0References3Affected Software3
Snyk
Snyk
added 2026/05/06 2:25 p.m.12 views

Access Control Bypass

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Access Control Bypass via the via POST /api/v1/account/login and POST /api/v1/account/invite endpoints. An attacker can gain access to arbitrary bcrypt password hash, tempToken, and tokenExpiry, including...

9.8CVSS6.1AI score0.50118EPSS
Exploits15References2
RedHat Linux
RedHat Linux
added 2026/04/29 12:41 p.m.5 views

ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...

8.6CVSS5.3AI score0.00868EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.5 views

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses in the API middleware, allowing unverified attackers to access all protected API endpoints...

9.1CVSS5.8AI score0.01351EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Nhost 安全漏洞

Nhost is an open-source backend service platform developed by Nhost. Versions of Nhost prior to 1.41.0 contained security vulnerabilities. These vulnerabilities stemmed from the Nhost CLI MCP server, which, when explicitly configured to listen on network ports, did not apply inbound authenticatio...

7.7CVSS5.8AI score0.00361EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.10 views

IX-Ray Engine 安全漏洞

IX-Ray Engine is a modern game engine open-source by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by exposing sensitive information to unauthorized participants...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Splunk Enterprise 信息泄露漏洞

Splunk Enterprise is a data collection and analysis software developed by the American company Splunk. Versions of Splunk Enterprise prior to 10.2.0, 10.0.3 prior to version 10.0.3, 9.4.9 prior to version 9.3.10, as well as versions of Splunk Cloud Platform prior to 10.2.2510.5, 10.1.2507.16 prio...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.9 views

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management, etc.. Previous versions...

6.5CVSS6.6AI score0.00281EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.6 views

PT-2026-22072

Name of the Vulnerable Software and Affected Versions Bitnami Sealed Secrets affected versions not specified Description Bitnami Sealed Secrets is susceptible to a scope-widening attack during the secret rotation process via the /v1/rotate API endpoint. The rotation handler uses untrusted data fr...

9.9CVSS6.9AI score0.22162EPSS
Exploits70References140
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.9 views

Apple多款产品 安全漏洞

Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. An information disclosure vulnerability exists in multiple Apple products. The vulnerability is caused due ...

5.5CVSS5.8AI score0.00154EPSS
Exploits0References6
Snyk
Snyk
added 2026/01/26 10:48 p.m.2 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the unsafe usage of Kubernetes ExternalName type with Ingress controller. An attacker can gain unauthorized access to internal services, leveraging the controller's network...

8.6CVSS5.9AI score0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 11:15 p.m.7 views

CVE-2022-50932

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...

8.7CVSS0.03534EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/10 6:30 p.m.6 views

EUVD-2025-202451

Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability...

4.3CVSS6.5AI score0.00301EPSS
Exploits0References3
NVD
NVD
added 2025/12/10 5:15 p.m.6 views

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

4.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 10:15 p.m.8 views

CVE-2025-65900

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...

6.5CVSS0.00266EPSS
Exploits3References2
Microsoft CVE
Microsoft CVE
added 2025/11/14 1:3 a.m.6 views

KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace

...

5.5CVSS5.5AI score0.00176EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.5 views

PT-2025-44995

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request through the id...

8.7CVSS6.4AI score0.0027EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/22 4:30 p.m.9 views

CVE-2025-22177

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view other team overviews...

5.3CVSS0.00188EPSS
Exploits0References1
Rows per page
Query Builder