
55 matches found

EUVD
added 6 days ago | 7 views

EUVD-2026-40166

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

CVSS 7.1 | AI score 5.9 | EPSS 0.00231
Exploits: 0 | References: 3

CVE
added 2026/06/01 7:45 a.m. | 28 views

CVE-2026-46764

CVE-2026-46764 affects Apache Airflow’s Event Log APIs: the detail endpoint GET /api/v2/eventLogs/{event_log_id} returns audit-log rows by numeric ID after only a generic Audit Log permission check, while GET /api/v2/eventLogs applies per-Dag scoping. An authenticated user with audit-log read...

CVSS 4.3 | AI score 5.8 | EPSS 0.00352
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/06/01 12:00 a.m. | 22 views

PT-2026-45378

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.2. Description: The Event Log detail endpoint "GET /api/v2/eventLogs/{event_log_id}" fetches audit-log rows directly by numeric ID after performing only a generic Audit Log permission check. This differs from t...

CVSS 4.3 | AI score 5.4 | EPSS 0.00352
Exploits: 0 | References: 6

CVE
added 2026/05/22 6:12 p.m. | 28 views

CVE-2026-39966

TypeBot (chatbot builder) vulnerability CVE-2026-39966: in versions up to 3.15.2, getLinkedTypebots allows any authenticated user to read full bot definitions (including blocks, logic, credentials, API keys, PII, webhook URLs, and integration configs) across workspaces due to an authorization che...

CVSS 6.5 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 3

CNNVD
added 2026/05/01 12:00 a.m. | 9 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from continued access to adev-id after an auxiliary device is released in the addadev error path, which could lea...

CVSS 7.8 | AI score 5.8 | EPSS 0.00116
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/01 12:00 a.m. | 7 views

PT-2026-36399

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An out-of-bounds access occurs in the st_lsm6dsx_hwfifo_odr_store function when userspace writes to the buffer sampling frequency sysfs attribute. This function calls st_lsm6dsx_check_od...

CVSS 7.8 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/09 7:27 p.m. | 4 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5 | AI score 5.8 | EPSS 0.00219
Exploits: 1 | References: 2

Cvelist
added 2026/03/27 7:25 p.m. | 22 views

CVE-2026-31950 LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

CVSS 5.3 | EPSS 0.00208
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:08 p.m. | 4 views

CVE-2026-33345

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

CVSS 6.5 | AI score 5.7 | EPSS 0.00416
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/21 12:00 a.m. | 6 views

PT-2026-26740

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

CVSS 2.6 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/15 12:00 a.m. | 6 views

EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2026-1035)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

CVSS 7.5 | AI score 7.3 | EPSS 0.02204
Exploits: 0 | References: 2

Cvelist
added 2025/12/19 12:24 p.m. | 26 views

CVE-2025-14882 Insecure direct object reference

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file; these files were not intended to be accessible by UUID only...

CVSS 7 | EPSS 0.00226
Exploits: 0 | References: 1

Cvelist
added 2025/12/05 5:37 p.m. | 24 views

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users' files

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | EPSS 0.00271
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2002-2387

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00709
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2020-30625

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00449
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2002-2233

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00363
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2005-2189

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01582
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-0118

Malware in sbrugna...

CVSS 9.1 | AI score 9 | EPSS 0.02581
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-34194

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.01256
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-46974

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00379
Exploits: 0 | References: 1