Lucene search
K

34877 matches found

CVE
CVE
added 4 hours ago7 views

CVE-2026-62348

TDengine TDengine Enterprise prior to 3.4.1.15 is affected. An authenticated low-privilege SQL user could issue KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the MND_OPER_SSMIGRATE_DB privilege check was commented out. ...

5.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added 5 hours ago4 views

CVE-2026-20298

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 hours ago4 views

CVE-2026-20298

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS6.1AI score
Exploits0References2Affected Software2
CVE
CVE
added 6 hours ago6 views

CVE-2026-20298

CVE-2026-20298 affects Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24. A low-privileged user without admin/power roles could view stored credential hashes by query...

5.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-44738

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS6.1AI score
Exploits0References1
NVD
NVD
added 6 hours ago4 views

CVE-2026-48799

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 hours ago4 views

CVE-2025-32781

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS6.1AI score
Exploits0References5Affected Software1
Cvelist
Cvelist
added 7 hours ago3 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-44712

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS6.2AI score0.00022EPSS
Exploits0References4
NVD
NVD
added 8 hours ago6 views

CVE-2026-60062

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS
Exploits0References1
F5 Networks
F5 Networks
added 9 hours ago5 views

K000161971: NGINX Agent vulnerability CVE-2026-60062

Security Advisory Description The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A...

6.4CVSS5.8AI score
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 10 hours ago4 views

CVE-2026-46640

A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a vulnerability in the self. and import-alias dynamic attribute syntax. By concatenating a malicious string into a MacroReferenceExpression name without proper validation, the attacker can cause r...

8.7CVSS6.4AI score0.00056EPSS
Exploits0References2
Cvelist
Cvelist
added 12 hours ago10 views

CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 12 hours ago6 views

CVE-2026-59235

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4Affected Software1
CVE
CVE
added 13 hours ago3 views

CVE-2026-40633

Summary: Dell PowerScale OneFS contains an information disclosure vulnerability (Insertion of Sensitive Information into Log File) affecting PowerScale OneFS 9.5.0.0–9.10.1.7 and 9.11.0.0–9.13.0.2. A low-privilege, local attacker could exploit this to disclose information. Affected products/versi...

7.8CVSS6.1AI score
Exploits0References1Affected Software1
Nuclei
Nuclei
added 18 hours ago39 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8CVSS7.2AI score0.04974EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago155 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

8.1CVSS6.9AI score0.02837EPSS
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-36035

Incorrect access control in the /api/License/deactivateOffline endpoint of CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows authenticated attackers with low-level privileges to cause a Denial of Service DoS via removing the license from the webserver...

6.5CVSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday4 views

Low: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

2.5CVSS6.3AI score0.0019EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-48328

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS
Exploits0References1
Rows per page
Query Builder