Lucene search
K

67 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41416

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/22 3:51 p.m.7 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images

Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

7.7CVSS5.8AI score0.00515EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:27 p.m.9 views

EUVD-2026-38179

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

5.3CVSS5.9AI score0.00221EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/08 12:54 p.m.10 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/08 12:54 p.m.9 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

8.9CVSS6.4AI score0.0068EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:34 p.m.12 views

EUVD-2026-33073

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

7.3CVSS5.8AI score0.00295EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:26 p.m.10 views

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/26 9:41 a.m.11 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images

Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 1:28 p.m.21 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

9.8CVSS7.4AI score0.0218EPSS
Exploits2References12
RedHat Linux
RedHat Linux
added 2026/05/14 11:50 a.m.18 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6194: Backport to odf-4.17.24 ocs-operator should not use image gcr.io/kubebuilder/kube-rbac-proxy...

9.8CVSS5.8AI score0.01735EPSS
Exploits3References6
EUVD
EUVD
added 2026/04/29 7:24 p.m.9 views

EUVD-2018-21825

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...

8.6CVSS6AI score0.00153EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/23 12:17 p.m.10 views

Important: Red Hat Security Advisory: RHTAS 1.3.4 - Red Hat Trusted Artifact Signer Release

The 1.3.4 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

9.8CVSS7.1AI score0.01735EPSS
Exploits1References6
OSV
OSV
added 2026/04/21 3:21 p.m.5 views

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2026/04/21 1:37 a.m.6 views

CVE-2026-27447 affecting package cups for versions less than 2.4.17-1

CVE-2026-27447 affecting package cups for versions less than 2.4.17-1. An upgraded version of the package is available that resolves this issue...

6.3CVSS5.7AI score0.00317EPSS
Exploits1
OSV
OSV
added 2026/04/09 8:27 a.m.7 views

SUSE-RU-2026:1228-1 Recommended update for shadow

This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGINENVSAFELIST. Recognize it and update dependencies. - Set SYSUID,GIDMIN to 201: After repeated similar requests to change the ID...

5.5CVSS6.8AI score0.00308EPSS
Exploits0References17
NVD
NVD
added 2026/03/24 6:16 p.m.3 views

CVE-2026-33160

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. T...

6.9CVSS0.00355EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 5:28 p.m.5 views

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:26 p.m.2 views

CVE-2026-33158

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...

7.1CVSS5.8AI score0.00353EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/24 4:53 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the assets/edit-image endpoint when processing the assetId parameter. An attacker can access unauthorized private asset contents by supplyi...

7.1CVSS5.9AI score0.00353EPSS
Exploits0References2
Rows per page
Query Builder