Lucene search
K

144039 matches found

Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55689

Name of the Vulnerable Software and Affected Versions jairiidriss restaurant-website-php-mysql versions up to 521428b5b612449df0cf4a5d15ee40cba67f3d35 Description A missing authentication flaw exists in the AJAX Endpoint component. A remote attacker can manipulate the '/admin/ajax files' endpoint...

7.5CVSS7.1AI score0.00517EPSS
Exploits0References9
Oracle linux
Oracle linux
added 6 days ago5 views

Unbreakable Enterprise kernel security update

5.4.17-2136.357.3.1 - KVM: x86: Fix shadow paging use-after-free due to unexpected role Paolo Bonzini Orabug: 39673892 - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN Sean Christopherson Orabug: 39673892 - KVM: x86/MMU: Recursively zap nested TDP SPs when zapping last/only pare...

9.8CVSS6.3AI score0.00563EPSS
Exploits12
Snyk
Snyk
added last week5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added last week4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added last week4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to ambiguity in the HMAC validation of signed URLs used for artifact access. An attacker can gain unauthorized read access to artifacts across repositories and write to upload-state...

9.6CVSS6AI score0.00177EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

7.5CVSS0.00298EPSS
Exploits0References4
NVD
NVD
added last week4 views

CVE-2026-27783

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS0.00283EPSS
Exploits0References5
NVD
NVD
added last week6 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.3CVSS0.00286EPSS
Exploits0References4
OSV
OSV
added last week4 views

DEBIAN-CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added last week38 views

CVE-2026-58419 Notification API leaks private issue metadata after access revocation

Notification API leaks private issue metadata after access revocation...

0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

5.9AI score0.00298EPSS
Exploits0References5Affected Software1
CVE
CVE
added last week17 views

CVE-2026-58419

CVE-2026-58419 affects the Go-Gitea project where the Notification API can leak private issue metadata after access revocation. The Snyk notes describe Information Exposure in multiple internal components of the Gitea web feed/routers, convert, and git modules, with affected code paths in the Not...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-27783

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References6
CVE
CVE
added last week34 views

CVE-2026-27783

CVE-2026-27783 affects Gitea versions up to 1.26.1. The vulnerability arises because the issue_templates, issue_config, and issue_config/validate endpoints do not enforce repository-unit authorization, allowing callers with any repository unit (e.g., Issues) to read Code-tree files from the repos...

4.3CVSS7.1AI score0.00283EPSS
Exploits0References5
Cvelist
Cvelist
added last week35 views

CVE-2026-27783 Gitea issue-template APIs bypass repository unit authorization

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS0.00283EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS5.9AI score0.00291EPSS
Exploits0References6
CVE
CVE
added last week10 views

CVE-2026-25782

Summary: Gitea before 1.25.5 vulnerable to authorization bypass in tracked-time deletion. The bug occurs when a time entry is looked up by time ID without scoping to the issue in the request URL, allowing deletion of time-tracking entries from other issues. Affected software: Gitea server (Go pro...

5.3CVSS5.9AI score0.00286EPSS
Exploits0References4
OSV
OSV
added last week5 views

MINI-966V-W737-J2J6

Bulletin has no description...

7.5CVSS5.9AI score0.00394EPSS
Exploits0
EUVD
EUVD
added last week6 views

EUVD-2026-41561

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The...

6.5CVSS5.6AI score0.00233EPSS
Exploits0References6
Rows per page
Query Builder