4384 matches found

Cvelist | added 4 days ago, 32 views

CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...

CVSS 5 | EPSS 0.00213 | Exploits 0 | References 1

OSV | added 4 days ago, 10 views

SUSE-SU-2026:2238-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 (bsc1243603). - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc1264013). -...

CVSS 9.8 | AI score 6.9 | EPSS 0.03663 | Exploits 30 | References 449

EUVD | added 4 days ago, 7 views

EUVD-2026-40276

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

CVSS 7.5 | AI score 5.7 | EPSS 0.00589 | Exploits 0 | References 1

Positive Technologies | added 4 days ago, 8 views

PT-2026-54196

Affected software and versions: Google Chrome versions prior to 150.0.7871.47. Description: Insufficient policy enforcement in Extensions allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page. Site isolation is ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00319 | Exploits 0 | References 4

Positive Technologies | added 4 days ago, 6 views

PT-2026-53925

Affected software and versions: Hermes WebUI versions prior to 0.51.521. Description: An authorization bypass occurs during the session import process. The /api/session/import endpoint validates the workspace of an imported session under the active named profile but fails to s...

CVSS 6.5 | AI score 5.9 | EPSS 0.00265 | Exploits 0 | References 10

NVD | added 5 days ago, 9 views

CVE-2026-57956

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

CVSS 6.4 | EPSS 0.00177 | Exploits 0 | References 2

Cvelist | added 5 days ago, 33 views

CVE-2026-57956 SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

CVSS 6.4 | EPSS 0.00177 | Exploits 0 | References 2

CVE | added 5 days ago, 11 views

CVE-2026-57956

SigNoz

CVSS 6.4 | AI score 5.8 | EPSS 0.00177 | Exploits 0 | References 2

EUVD | added 5 days ago, 7 views

EUVD-2026-40141

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

CVSS 6.4 | AI score 5.8 | EPSS 0.00177 | Exploits 0 | References 2

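The Coolify deployment lookup (CVE-2026-27883) and the SigNoz alert-rule lookups (CVE-2026-57956) listed above are the same bug shape: a resource is fetched by its UUID alone, and the caller's team or organization never becomes a predicate of the query, so any authenticated user who knows or guesses an identifier can read, edit or delete another tenant's object. The Python below is an added example of that pattern beside its fix; it is not Coolify's or SigNoz's code. The sqlite table, column names, UUIDs and organization identifiers are constructed for the demonstration.

```python
import sqlite3
from typing import Optional, Tuple

Row = Tuple[str, str, str]  # (id, org_id, name)


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two organizations that each own one alert rule."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE alert_rules ("
        "id TEXT PRIMARY KEY, org_id TEXT NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO alert_rules (id, org_id, name) VALUES (?, ?, ?)",
        [
            ("0b6e1b2e-1111-4c2a-9a10-000000000001", "org-a", "high error rate"),
            ("7f3c9d4a-2222-4c2a-9a10-000000000002", "org-b", "disk nearly full"),
        ],
    )
    conn.commit()
    return conn


def get_rule_vulnerable(conn: sqlite3.Connection, rule_id: str, caller_org: str) -> Optional[Row]:
    """IDOR shape: the caller's organization is known to the handler but never
    constrains the lookup, so any UUID from any tenant is returned."""
    return conn.execute(
        "SELECT id, org_id, name FROM alert_rules WHERE id = ?", (rule_id,)
    ).fetchone()


def get_rule_scoped(conn: sqlite3.Connection, rule_id: str, caller_org: str) -> Optional[Row]:
    """Tenant-scoped lookup: the store itself filters by the caller's organization,
    so a foreign UUID is indistinguishable from a nonexistent one."""
    return conn.execute(
        "SELECT id, org_id, name FROM alert_rules WHERE id = ? AND org_id = ?",
        (rule_id, caller_org),
    ).fetchone()


def rename_rule_scoped(conn: sqlite3.Connection, rule_id: str, caller_org: str, new_name: str) -> int:
    """Writes carry the same predicate; the affected row count tells the caller
    whether it actually owned the rule (0 means 'not yours or not there')."""
    cur = conn.execute(
        "UPDATE alert_rules SET name = ? WHERE id = ? AND org_id = ?",
        (new_name, rule_id, caller_org),
    )
    conn.commit()
    return cur.rowcount


def delete_rule_scoped(conn: sqlite3.Connection, rule_id: str, caller_org: str) -> int:
    cur = conn.execute(
        "DELETE FROM alert_rules WHERE id = ? AND org_id = ?", (rule_id, caller_org)
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    other = "7f3c9d4a-2222-4c2a-9a10-000000000002"  # belongs to org-b
    print("vulnerable, org-a reads org-b rule:", get_rule_vulnerable(db, other, "org-a"))
    print("scoped, org-a reads org-b rule:    ", get_rule_scoped(db, other, "org-a"))
    print("scoped, org-a deletes org-b rule:  ", delete_rule_scoped(db, other, "org-a"), "row(s)")
```

Two design points follow from the advisories' wording. The predicate belongs in the store layer rather than in each HTTP handler, because the SigNoz text blames the store predicates, and a store-level filter is inherited by every caller, including new endpoints. And when the scoped lookup returns nothing, answer 404 exactly as for an unknown UUID; a distinct 403 confirms to the prober that the identifier exists in another tenant.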
Cvelist | added 5 days ago, 34 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

CVSS 4.4 | EPSS 0.00149 | Exploits 0 | References 1

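The Claude Code entry describes a classic insecure temporary file: a fixed, guessable path under a world-traversable /tmp subdirectory, created 0644 and written through whatever already sits at that path, so another local user can read the response or plant a symlink and redirect the write into a file they choose. The Python below is an added example of the attack and of the usual remedy (a per-UID private directory, a random name, O_CREAT|O_EXCL with mode 0600); it is not Claude Code's code, the directory and file names it uses are assumptions, and it runs inside a throwaway scratch directory rather than touching /tmp/claude.

```python
import os
import stat
import tempfile
from typing import Dict, Optional


def unsafe_write(content: str, path: str) -> str:
    """The vulnerable shape: fixed path, mode left to the umask (usually 0644),
    and open() follows a pre-existing symlink to wherever the attacker pointed it."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(content)
    return path


def safe_write(content: str, base_dir: Optional[str] = None) -> str:
    """Private per-UID directory (0700) plus mkstemp(): random name, O_CREAT|O_EXCL, 0600."""
    base_dir = base_dir or tempfile.gettempdir()
    private = os.path.join(base_dir, "response-%d" % os.getuid())  # assumed naming
    os.makedirs(private, mode=0o700, exist_ok=True)
    st = os.lstat(private)
    # Refuse anything an attacker could have pre-planted at the expected location.
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid():
        raise RuntimeError("refusing %s: symlink, non-directory or foreign owner" % private)
    os.chmod(private, 0o700)  # makedirs() honours the umask, so force the mode
    fd, path = tempfile.mkstemp(prefix="response-", suffix=".md", dir=private)
    with os.fdopen(fd, "w") as f:
        f.write(content)
    return path


def demo(root: Optional[str] = None) -> Dict[str, object]:
    """Play both sides inside a scratch directory and report what happened."""
    root = root or tempfile.mkdtemp(prefix="tmpfile-demo-")
    victim = os.path.join(root, "victim.txt")
    with open(victim, "w") as f:
        f.write("original contents")
    # Attacker: plant a symlink at the predictable path before the tool writes to it.
    predictable = os.path.join(root, "shared", "response.md")
    os.makedirs(os.path.dirname(predictable), exist_ok=True)
    os.symlink(victim, predictable)
    # Victim process: the unsafe writer follows the link and clobbers the target.
    unsafe_write("model response", predictable)
    with open(victim) as f:
        victim_now = f.read()
    # Hardened writer: fresh random name inside a private directory.
    safe_path = safe_write("model response", root)
    return {
        "victim_overwritten": victim_now == "model response",
        "safe_is_symlink": os.path.islink(safe_path),
        "safe_mode": stat.S_IMODE(os.lstat(safe_path).st_mode),
        "safe_dir_mode": stat.S_IMODE(os.lstat(os.path.dirname(safe_path)).st_mode),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        shown = oct(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print("%s: %s" % (key, shown))
```

mkstemp() opens with O_CREAT|O_EXCL, which fails if anything already exists at the chosen name, a dangling symlink included, so the random name and the exclusive create together close the symlink race; the 0700 directory closes the disclosure. The ownership and symlink checks on the directory matter because /tmp is shared: an attacker who pre-creates response-<uid> as their own directory or as a link must be refused rather than used.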
Tenable Nessus | added 6 days ago, 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-13034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass...

CVSS 4.7 | AI score 5.7 | EPSS 0.00143 | Exploits 0 | References 2

Tenable Nessus | added 2026/06/27 12:00 a.m., 4 views

Microsoft Edge (Chromium) < 149.0.4022.98 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 149.0.4022.98. It is, therefore, affected by multiple vulnerabilities as referenced in the June 26, 2026 advisory. - Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote...

CVSS 8.8 | AI score 5.7 | EPSS 0.00823 | Exploits 1 | References 47

CVE | added 2026/06/26 8:55 p.m., 15 views

CVE-2026-49984

CVE-2026-49984 – Kestra: A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...

CVSS 7.7 | AI score 6 | EPSS 0.00386 | Exploits 1 | References 1 | Affected software 1

ATTACKERKB | added 2026/06/26 8:52 p.m., 5 views

CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...

CVSS 6.5 | AI score 5.9 | EPSS 0.00263 | Exploits 1 | References 2 | Affected software 1

NVD | added 2026/06/26 8:17 p.m., 8 views

CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

CVSS 8.6 | EPSS 0.00273 | Exploits 0 | References 1

ATTACKERKB | added 2026/06/26 8:01 p.m., 7 views

CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

CVSS 8.6 | AI score 5.9 | EPSS 0.00273 | Exploits 0 | References 2

Cvelist | added 2026/06/26 8:01 p.m., 25 views

CVE-2026-49991 RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

CVSS 8.6 | EPSS 0.00273 | Exploits 0 | References 1

Positive Technologies | added 2026/06/26 12:00 a.m., 10 views

PT-2026-52985

Affected software and versions: Kestra versions prior to 1.0.45; Kestra versions prior to 1.3.21. Description: An access control bypass exists in the previewFileFromExecution endpoint GET '/api/v1/tenant/executions/executionId/file/preview'. This issue allows an authenticated...

CVSS 6.5 | AI score 5.9 | EPSS 0.00263 | Exploits 1 | References 8

Positive Technologies | added 2026/06/26 12:00 a.m., 12 views

PT-2026-52909

Affected software and versions: RustFS version 1.0.0-beta.4. Description: Authenticated users with PutObject permission on their own bucket can exploit a path traversal issue in the Snowball auto-extract feature to write arbitrary objects into buckets belonging to other users,...

CVSS 8.6 | AI score 5.9 | EPSS 0.00273 | Exploits 0 | References 4

Positive Technologies | added 2026/06/26 12:00 a.m., 7 views

PT-2026-52980

Affected software and versions: Kestra versions prior to 1.0.45; Kestra versions prior to 1.3.23. Description: The local internal-storage backend fails to properly validate user-supplied paths because it checks for directory traversal sequences before converting Windows-style...

CVSS 7.7 | AI score 5.9 | EPSS 0.00386 | Exploits 1 | References 8

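Two of the entries above are path-containment failures with different triggers. The Kestra local-storage validator (CVE-2026-49984, PT-2026-52980) tests for traversal sequences before it converts Windows-style backslashes, so a segment written as "..\" passes the check and only becomes "../" afterwards. The RustFS Snowball auto-extract (CVE-2026-49991, PT-2026-52909) takes archive member names as object keys without confining them to the uploader's bucket. The Python below is an added example of both, not code from either project; the storage roots, the one-directory-per-bucket layout and the in-memory tar archive are constructed for the demonstration. safe_resolve() is the general normalize-then-check routine, and plan_extraction() applies it to every archive member, which generalizes the ordering fix beyond the single-path case the Kestra entry describes.

```python
import io
import posixpath
import tarfile
from typing import Dict, List, Optional, Tuple

STORAGE_ROOT = "/var/lib/storage"   # assumed local-storage root for the demo
BUCKET_ROOT = "/data/buckets"       # assumed on-disk layout: one directory per bucket


def _contained(base: str, target: str) -> bool:
    """True when target is base itself or lies beneath it (a plain prefix test
    would also accept /data/buckets/alice2 for base /data/buckets/alice)."""
    base = posixpath.normpath(base)
    return target == base or target.startswith(base + "/")


def vulnerable_resolve(user_path: str, base: str = STORAGE_ROOT) -> Optional[str]:
    """Check-then-normalize, the ordering described in the Kestra entries: the traversal
    test only sees forward-slash segments, and backslashes are converted afterwards."""
    if ".." in user_path.split("/"):
        return None                                   # catches "../x" but not "..\\x"
    converted = user_path.replace("\\", "/")
    return posixpath.normpath(posixpath.join(base, converted))


def safe_resolve(user_path: str, base: str = STORAGE_ROOT) -> Optional[str]:
    """Normalize-then-check: canonicalize every separator form first, then test
    containment on the resolved path instead of pattern-matching the raw input."""
    if "\x00" in user_path:
        return None
    converted = user_path.replace("\\", "/")
    if posixpath.isabs(converted):
        return None
    resolved = posixpath.normpath(posixpath.join(base, converted))
    return resolved if _contained(base, resolved) else None


def build_archive(members: Dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory tar whose member names the uploader chose."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def plan_extraction(archive: bytes, bucket: str) -> Tuple[List[str], List[str]]:
    """Decide, before writing anything, where each member would land and whether that
    is inside the uploader's bucket. Returns (accepted destinations, rejected names)."""
    bucket_dir = posixpath.join(BUCKET_ROOT, bucket)
    accepted: List[str] = []
    rejected: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            dest = safe_resolve(member.name, bucket_dir)
            # Links would point outside the bucket after extraction, so they are escapes too.
            if dest is None or dest == bucket_dir or member.issym() or member.islnk():
                rejected.append(member.name)
            else:
                accepted.append(dest)
    return accepted, rejected


if __name__ == "__main__":
    smuggled = "..\\..\\..\\etc\\passwd"
    print("vulnerable:", vulnerable_resolve(smuggled))
    print("safe:      ", safe_resolve(smuggled))
    tar_bytes = build_archive({
        "photos/cat.jpg": b"\xff\xd8",
        "../bob/injected.txt": b"x",
        "..\\bob\\injected2.txt": b"y",
        "/etc/cron.d/job": b"z",
    })
    ok, bad = plan_extraction(tar_bytes, "alice")
    print("accepted:", ok)
    print("rejected:", bad)
```

The containment test runs on the fully resolved path, so it does not matter which separator, how many dot segments, or which encoding the attacker used; anything that lands outside the base is rejected without the validator needing a list of bad patterns. Against a real filesystem, also realpath() the base and the final destination so symlinks already present among the path components cannot move the target, and on Python 3.12 or later tarfile's extraction filter "data" performs a similar per-member check when you extract to disk rather than to an object store.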