Lucene search
K

316 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-44738

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-20298

CVE-2026-20298 affects Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24. A low-privileged user without admin/power roles could view stored credential hashes by query...

5.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44712

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS6.2AI score0.00022EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57859

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.4.0 Description A low-privileged user can bypass the /admin/export UI to exfiltrate the entire member directory. The POST /CSVCreateFile.php endpoint generates and streams a CSV file containing the full Personally...

6.5CVSS6.1AI score0.00217EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-57870

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description A flaw in the handling of screen recording files allows a local attacker with low-privileged code execution capabilities to create a denial-of-service condition. The issue occurs when the...

5.5CVSS6.5AI score0.00104EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 12:22 a.m.8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/07 3:19 a.m.5 views

EUVD-2026-41995

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:3 p.m.9 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/29 10:30 a.m.36 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from an API v2 endpoint authorization bypass. This vulnerability cou...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 8:17 p.m.15 views

EUVD-2026-33016

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...

8.8CVSS5.8AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services contain security vulnerabilities. These vulnerabilities st...

7.9CVSS5.8AI score0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 8:29 a.m.12 views

CVE-2026-8381

A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.13 views

TeamViewer DEX Platform On-Premises 安全漏洞

The TeamViewer DEX Platform On-Premises is a locally deployed digital employee experience management platform by the German company TeamViewer. Prior to version 9.2 of the TeamViewer DEX Platform On-Premises, there were security vulnerabilities. These vulnerabilities stemmed from incorrect...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 2:16 p.m.25 views

CVE-2026-34930

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute...

7.8CVSS0.00213EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.11 views

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...

4.3CVSS6AI score0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 6:30 p.m.17 views

EUVD-2026-27854

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

6.4CVSS5.9AI score0.0021EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞

The Moxa EDR-8010 Series and Moxa EDR-G9010 Series are a series of security routers produced by Moxa Corporation from Taiwan, China. Both models have security vulnerabilities. These vulnerabilities stem from improper ownership management, allowing users with low privileges to access configuration...

6CVSS5.8AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Squidex 代码问题漏洞

Squidex is an open-source content management system developed by Squidex. Versions of Squidex prior to 7.23.0 had code vulnerabilities. These vulnerabilities stemmed from a lack of server-side request forgery protection in the Jint HTTP client. This could allow authenticated users with low...

8.6CVSS6AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/21 1:22 a.m.7 views

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
Rows per page
Query Builder