Lucene search
K

34706 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42184

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS6AI score0.00115EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 3 days ago6 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS6.1AI score0.00124EPSS
Exploits0References5
NVD
NVD
added 3 days ago5 views

CVE-2026-55433

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.00394EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-56424

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

8.8CVSS6.1AI score0.00286EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

PYSEC-2026-2035 Weave server API vulnerable to arbitrary file leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS7.5AI score0.04974EPSS
Exploits0References7
OSV
OSV
added 4 days ago4 views

PYSEC-2026-1150 Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.3CVSS6AI score0.01263EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42021

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References2
NVD
NVD
added 4 days ago10 views

CVE-2026-34048

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-34048

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41995

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
CVE
CVE
added 4 days ago15 views

CVE-2026-34048

CVE-2026-34048 concerns Coolify prior to 4.0.0-beta.471, where terminal websocket bootstrap routes failed to enforce terminal authorization, only checking authentication. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers. The issue is fix...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56131

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Terminal websocket bootstrap routes only verify authentication but fail to enforce terminal authorization. This allows a low-privileged team member to connect to these routes and execute...

9.9CVSS6AI score0.00405EPSS
Exploits0References7
NVD
NVD
added 5 days ago8 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS6AI score0.00226EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-53643

FOSSBilling (free/open-source billing and client management system) is affected in versions prior to 0.8.0. The vulnerability arises from a combination of a can_always_access module flag that grants broad access to certain modules and insufficient permission checks or unsafe parameter handling on...

8.7CVSS6AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-53640 FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect data

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-41889

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS6AI score0.00478EPSS
Exploits0References1
Rows per page
Query Builder