Lucene search
K

952 matches found

CVE
CVE
added 6 days ago10 views

CVE-2026-50007

The CVE affects the open-source personal finance app “Actual.” Before version 26.7.0, a missing authorization flaw allows a non-owner shared user (with user_access on a budget file) to perform file-management actions that should be owner- or admin-only. Specifically, endpoints such as /delete-use...

7.2CVSS5.9AI score0.00246EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-50007

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS5.9AI score0.00246EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-50007 Actual: Shared users can perform owner-only file management actions

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS0.00246EPSS
Exploits0References5
NVD
NVD
added 6 days ago8 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago6 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-48950

CVE-2026-48950 affects Joomla! Core via the file management view in com_templates. The root cause is lack of escaping, enabling an XSS vulnerability. Multiple sources (NVD, CVE lists, and Joomla security advisory) confirm an XSS in the core component with the vulnerable entry labeled for core/com...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42067

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56223

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in the file management view of the com templates component leads to a Cross-Site Scripting XSS issue. XSS is a flaw that allows an attacker to inject malicious scripts...

8.4CVSS6AI score0.00147EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56243

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...

7.2CVSS6.1AI score0.00246EPSS
Exploits0References10
NVD
NVD
added 2026/07/06 3:16 p.m.8 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 1:10 p.m.16 views

CVE-2026-7185

CVE-2026-7185 concerns TAO 2.0 suite web features for file management/upload that suffer a validation vulnerability allowing an attacker with access to the feature to attempt to access file system resources outside the intended scope. Affected: TAO 2.0 web components handling file operations. Roo...

6CVSS5.8AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 1:10 p.m.37 views

CVE-2026-7185 Unauthorized access to files in T-Systems products

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 1:10 p.m.4 views

EUVD-2026-41874

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 8:16 a.m.9 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

8.8CVSS0.00435EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.23 views

CVE-2026-38615

CVE-2026-38615 affects DedeCMS v5.7.118 with a command execution vulnerability in file_manage_control.php. Public sources confirm the issue but do not provide detailed exploitation steps or concrete remediation in the supplied documents. The CVSSv3.1 metrics indicate a high-severity, network-expl...

9.8CVSS5.5AI score0.00816EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

DesDev DedeCMS 安全漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.118 of DesDev DedeCMS contains a securit...

9.8CVSS5.5AI score0.00816EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.14 views

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.6 views

Concrete CMS is vulnerable to IDOR in AddMessage/UpdateMessage

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder