56080 matches found
CVE-2026-49838 vulnerabilities
Vulnerabilities for packages: kube-vip...
CVE-2026-59217
creationtimestamp| type| source ---|---|--- 2026-07-11 00:34:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg4fw5q22i...
EUVD-2026-43096
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...
CVE-2026-44383
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...
CVE-2026-55687
creationtimestamp| type| source ---|---|--- 2026-07-10 23:10:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdbgh23va2y 2026-07-11 20:00:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqfhbirnbl2k 2026-07-11 20:00:28+00:00| seen|...
CVE-2026-59161
creationtimestamp| type| source ---|---|--- 2026-07-10 22:58:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdaqhoxmm2x 2026-07-10 23:42:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqddaddmyn2e...
CVE-2026-54001
creationtimestamp| type| source ---|---|--- 2026-07-10 22:22:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6q42vrb2z 2026-07-10 23:40:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdd3r4mkg2x...
CVE-2026-8595
creationtimestamp| type| source ---|---|--- 2026-07-10 22:18:55+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6k6jia32c 2026-07-10 22:49:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdabfyz4f2y 2026-07-11 00:16:40+00:00| seen|...
CVE-2026-58499
EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...
CVE-2026-58499
EverOS is affected by a path-traversal vulnerability in the POST /api/v1/memory/add ingestion endpoint prior to version 1.0.1. The per-message sender_id was not validated as a path-safe identifier, unlike app_id/project_id, and is used as owner_id to build the filesystem path for persisting extra...
CVE-2026-58499 Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...
GHSA-V853-W46P-FV2H vulnerabilities
Vulnerabilities for packages: apache-tomee...
CVE-2026-55464
creationtimestamp| type| source ---|---|--- 2026-07-10 20:12:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcxhgdnd325 2026-07-11 01:12:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdibdxcnr22...
GHSA-489G-7RXV-6C8Q
creationtimestamp| type| source ---|---|--- 2026-07-10 18:42:23+00:00| seen| https://gist.github.com/alon710/bb39e6fca7620239b1bd8e5a02d98b4e...
CVE-2026-55516
CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...
CVE-2026-54329
Summary: CVE-2026-54329 affects Snipe-IT before 8.6.2, where the Accessories API can mass-assign the company_id field, enabling a low-privilege user in one company (with FMCS enabled) to create accessory records under another company. Root cause: API create path mass-assigns request parameters di...
EUVD-2026-42910
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible...
CVE-2026-38059
The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...
CVE-2026-22659
FlaskBB up to version 2.2.0 is vulnerable to an authorization bypass. The issue arises when an attacker manipulates a batch request with crafted topic ID lists, causing a low-ID topic from a permitted forum to be used as an anchor and bypass the permission check applied only to the first result. ...