Lucene search
K

3142 matches found

Vulnrichment
Vulnrichment
added 2026/06/07 10:45 p.m.10 views

CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.6AI score0.0022EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/07 10:45 p.m.32 views

CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS0.0022EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47196

Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-28581

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

4CVSS5.7AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-0067

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 3:16 p.m.17 views

CVE-2026-10860

A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the expression was evaluated as $validationError === null && POST || DELETE, meaning a DELETE request...

7.9CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:34 p.m.6 views

CVE-2026-10860

A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the expression was evaluated as $validationError === null && POST || DELETE, meaning a DELETE request...

7.9CVSS5.8AI score0.00197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 a.m.12 views

CVE-2026-0077

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00082EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 a.m.14 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.16 views

EUVD-2026-33807

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.9AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.14 views

EUVD-2026-33799

In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6AI score0.00082EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33787

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33766

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.16 views

CVE-2026-0067

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS0.00071EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 10:16 p.m.14 views

CVE-2026-0045

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00083EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 10:16 p.m.11 views

CVE-2026-0009

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00075EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.34 views

CVE-2026-28581

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

0.00074EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.44 views

CVE-2026-28581

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

4CVSS5.9AI score0.00074EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.15 views

CVE-2026-28581

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

5.9AI score0.00074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.13 views

CVE-2026-0097

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00121EPSS
Exploits0References1
Rows per page
Query Builder