Lucene search
K

8602 matches found

Nuclei
Nuclei
added 17 hours ago38 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8CVSS7.2AI score0.04974EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-59154

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS0.00208EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 3 days ago7 views

CVE-2026-39903

The CVE concerns Simple Machines Forum (SMF) 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5. A single-character operator error in Sources/Actions/AttachmentApprove.php causes the permission check to always pass, enabling an authenticated low-privilege user to approve, reject, or delete any pendi...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-54470

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

5.3CVSS0.0019EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-56689

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-56086

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with...

8.8CVSS0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-56086

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with...

8.8CVSS0.00286EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-34048

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
NVD
NVD
added last week8 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added last week8 views

CVE-2026-53643

FOSSBilling (free/open-source billing and client management system) is affected in versions prior to 0.8.0. The vulnerability arises from a combination of a can_always_access module flag that grants broad access to certain modules and insufficient permission checks or unsafe parameter handling on...

8.7CVSS6AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/07/04 11:33 a.m.21 views

CVE-2026-12195

The CVE-2026-12195 entry concerns myVesta with an authenticated remote code execution vulnerability. The issue arises when low-privilege users delete FTP usernames and can inject arbitrary commands via the v_ftp_user parameter, allowing command execution as the admin user or takeover of the admin...

8.5CVSS6.7AI score0.00656EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 1:4 p.m.20 views

CVE-2026-46467

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an insertion of sensitive information into log files. A low-privileged, local attacker could exploit this to cause information exposure. The CVE is documen...

5.8CVSS5.9AI score0.00085EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/03 12:46 p.m.16 views

CVE-2026-56085

Dell PowerProtect Data Domain is affected by CVE-2026-56085. The description indicates an use of uninitialized resource vulnerability in versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70, with a low-privileged, local attacker potentially caus...

3.3CVSS5.9AI score0.00095EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:2 p.m.8 views

CVE-2026-9272

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/02 2:2 p.m.7 views

EUVD-2026-41374

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55260

Name of the Vulnerable Software and Affected Versions Flowmon ADS versions prior to 12.5.6 Flowmon ADS versions prior to 13.0.5 Description An authenticated low-privileged user in the Anomaly Detection System ADS can send specially crafted requests to gain unauthorized access to application data...

8.7CVSS5.9AI score0.00247EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
Rows per page
Query Builder