Lucene search
+L

7171 matches found

euvd
euvd
added 2026/07/10 12:31 a.m.8 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00421EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/09 6:25 a.m.5 views

CVE-2026-47830

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS7.2AI score0.001EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 9:16 p.m.8 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
nvd
nvd
added 2026/07/08 3:16 p.m.7 views

CVE-2026-55873

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS0.00199EPSS
Exploits0References4
cve
cve
added 2026/07/08 2:48 p.m.15 views

CVE-2026-55873

SeaweedFS (distributed storage) has a vulnerability in versions 4.08–4.33 where requests signed with SigV4 for s3tables are routed to the S3Tables management API. This causes authorization to collapse account-less S3 identities into the shared admin account and fail open, enabling an authenticate...

4.3CVSS5.9AI score0.00199EPSS
Exploits0References4
osv
osv
added 2026/07/08 2:48 p.m.3 views

CVE-2026-55873 SeaweedFS: Improper authorization in the S3Tables / Iceberg REST management API lets a low-privileged S3 user enumerate administrator-owned table buckets

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS6.1AI score0.00199EPSS
Exploits0References6
cve
cve
added 2026/07/08 2:32 p.m.24 views

CVE-2026-15062

Snowflake Snowpark Python SDK (snowpark-python) before 1.53.0 is affected by SQL injection vulnerabilities allowing authenticated low-privilege users to perform SQL beyond their authorization. Exploitation vectors described include embedding SQL payloads in source database column names to escalat...

9.6CVSS6.2AI score0.00279EPSS
Exploits0References1
cve
cve
added 2026/07/08 1:34 p.m.9 views

CVE-2026-56086

Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) by an Incorrect Authorization vulnerability. A low-privileged, remote attacker could potentially gain unauthorized access. The CVE description provides ...

8.8CVSS6AI score0.00286EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/07/08 9:16 a.m.10 views

CVE-2026-57239

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS0.00115EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 7:36 a.m.6 views

EUVD-2026-42184

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS6AI score0.00115EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/08 7:36 a.m.9 views

CVE-2026-57239

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS6AI score0.00115EPSS
Exploits0References2Affected Software2
nvd
nvd
added 2026/07/08 1:16 a.m.6 views

CVE-2026-55433

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.00394EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:22 a.m.8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-57871

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description A flaw in the Send Support Information feature allows local attackers to cause a denial-of-service condition. An attacker with the ability to execute low-privileged code on the target system...

5.5CVSS6.3AI score0.00104EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.6 views

PT-2026-56467

Name of the Vulnerable Software and Affected Versions SeaweedFS versions 4.08 through 4.33 Description Requests signed with the SigV4 service s3tables are routed to the S3Tables management API. In this process, authorization collapses account-less S3 identities into a shared admin account and fai...

4.3CVSS6.1AI score0.00199EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.9 views

PT-2026-56424

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

8.8CVSS6.1AI score0.00286EPSS
Exploits0References3
osv
osv
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-2035 Weave server API vulnerable to arbitrary file leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS7.5AI score0.04974EPSS
Exploits0References7
euvd
euvd
added 2026/07/07 3:19 a.m.5 views

EUVD-2026-41995

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/07 3:19 a.m.7 views

CVE-2026-34048

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/07/07 3:19 a.m.33 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
Rows per page
Query Builder