Lucene search
K

327 matches found

Vulnrichment
Vulnrichment
added 2026/03/05 7:34 p.m.1 views

CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

7.5CVSS5.8AI score0.0065EPSS
Exploits1References3
OSV
OSV
added 2026/03/05 7:34 p.m.7 views

CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

7.5CVSS5.8AI score0.0065EPSS
Exploits1References5
OSV
OSV
added 2026/03/03 2:48 p.m.3 views

GHSA-VF6J-6739-78M8 Rancher's Azure AD permission changes are not reflected on active sessions

A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or ar...

8CVSS5.9AI score0.00454EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/02 9:42 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the KillAction function. An attacker can terminate active jobs initiated by legitimate users by directly invoking the KillAction endpoint without authentication, even when guest login is required. This can...

8.2CVSS5.8AI score0.0065EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/21 6:54 a.m.4 views

CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

8.7CVSS5.8AI score0.00218EPSS
Exploits1References2
NVD
NVD
added 2026/02/03 12:16 p.m.5 views

CVE-2025-11598

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS0.00151EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 11:33 a.m.5 views

EUVD-2025-206765

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS5.4AI score0.00151EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5872

Name of the Vulnerable Software and Affected Versions mObywatel versions prior to 4.71.0 Description An unauthorized user can view an account owner's personal information in the minimized application window using the App Switcher, even after the login session has ended. Reopening the application...

1CVSS5.4AI score0.00151EPSS
Exploits0References3
OSV
OSV
added 2026/01/20 10:16 p.m.10 views

CVE-2026-21984

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

7.5CVSS5.8AI score0.00198EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/20 10:15 p.m.5 views

CVE-2026-21956

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

8.2CVSS7.1AI score0.00264EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003617)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003617 advisory. An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory. An attacker who successfully exploited the...

5.6CVSS7.1AI score0.04521EPSS
Exploits4References20
Cvelist
Cvelist
added 2026/01/14 6:27 a.m.27 views

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

4.2CVSS0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.6 views

CVE-2023-49620

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...

6.5CVSS6.9AI score0.01132EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000205)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000205 advisory. An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory. An attacker who successfully exploited the...

5.6CVSS7.1AI score0.04521EPSS
Exploits4References4
OSV
OSV
added 2026/01/02 3:16 p.m.3 views

CVE-2025-53592

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...

6.5CVSS5.8AI score0.00286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 2:22 a.m.4 views

CVE-2025-52692

Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials...

8.8CVSS6.5AI score0.05622EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.6 views

Linksys E9450-SG 安全漏洞

The Linksys E9450-SG is a WiFi router from Linksys USA. A security vulnerability exists in the Linksys E9450-SG that originates from a local network attacker being able to send a specially crafted URL to access certain administrative functions without requiring login credentials...

8.8CVSS6.3AI score0.05622EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.3 views

CVE-2025-55895

TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...

6.6AI score0.00292EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.19 views

CVE-2025-55895

TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...

0.00292EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.12 views

PT-2025-48774

ASUS warns of a critical flaw in AiCloud routers CVE-2025-593656. Attackers can remotely run OS commands no login needed. • Update firmware • Disable AiCloud/Samba/WAN access if no patch • Replace end-of-life devices • Strengthen passwords https://t.co/Dt2oT0g298...

7.2AI score
Exploits0References1
Rows per page
Query Builder