Lucene search
K

7076 matches found

CVE
CVE
added 2026/06/25 1:48 p.m.13 views

CVE-2026-46735

Dell Display and Peripheral Manager (DDPM Mac) versions prior to 2.3 are affected by an OS Command Injection due to improper neutralization of special elements in OS commands. A low-privilege, locally authenticated attacker could potentially execute commands on the system. The vulnerability affec...

7.8CVSS5.9AI score0.00693EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52389

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 HF1 Description An issue exists where the system accepts extraneous untrusted data mixed with trusted data. This occurs due to improper input validation, allowing attacker-controlled data to be...

9.8CVSS6.4AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52203

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Insufficient authorization checks could allow an authenticated user with limited permissions to access project...

3.1CVSS5.8AI score0.00182EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 9:17 p.m.10 views

CVE-2026-47388

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not...

2.3CVSS0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:9 p.m.31 views

CVE-2026-47388

NocoDB is affected by CVE-2026-47388: Missing ownership check in MCP Attachment Read allows a low-privilege MCP token holder with knowledge of an attachment path to read files in shared storage (including attachments from other bases/workspaces). The issue arises because readAttachment did not ve...

2.3CVSS5.9AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:16 p.m.4 views

CVE-2026-34917

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

4.3CVSS0.0031EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:16 p.m.7 views

CVE-2026-34913

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...

4.3CVSS0.00235EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.4 views

EUVD-2026-38509

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

4.3CVSS5.8AI score0.0031EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.34 views

CVE-2026-34917

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

4.3CVSS0.0031EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.31 views

CVE-2026-34913

CVE-2026-34913 describes a missing access control check in Revive Adserver up to version 6.0.6 in the campaign-trackers.php workflow, where a low-privileged user could link trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships. The und...

4.3CVSS5.8AI score0.00235EPSS
Exploits2References1
AlpineLinux
AlpineLinux
added 2026/06/23 4:8 p.m.4 views

CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51554

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 6.0.7 Description Insufficient validation of user input during the process of saving delivery limitations allows a low-privileged user to inject malicious PHP code into the compiledlimitations database field v...

8.8CVSS6.8AI score0.00499EPSS
Exploits2References10
NVD
NVD
added 2026/06/22 8:16 p.m.11 views

CVE-2026-44274

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 8:16 p.m.11 views

CVE-2026-44271

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 7:0 p.m.35 views

CVE-2026-44271

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.1CVSS0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 6:56 p.m.4 views

CVE-2026-44272

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS6AI score0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-8823

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:41 p.m.14 views

CVE-2026-8823

Mattermost versions affected are 11.7.x <= 11.7.0 and 10.11.x

3.8CVSS6AI score0.00231EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/22 5:46 a.m.4 views

BIT-MYSQL-SHELL-2026-46871

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51375

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with remote access to potentially gain unauthoriz...

8.1CVSS6AI score0.00249EPSS
Exploits0References3
Rows per page
Query Builder