Lucene search
K

45 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41641

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...

7.2CVSS5.8AI score0.01833EPSS
Exploits1References1
OSV
OSV
added 2026/06/01 11:39 a.m.10 views

BIT-ELK-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 7:51 p.m.9 views

EUVD-2026-33035

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 7:47 p.m.24 views

CVE-2026-42398

Kibana is affected by SSRF (CWE-918) where authenticated users with connector-management privileges can bypass the operator-configured allowlist by configuring a Webhook connector to target destinations. The issue allows outbound requests to blocked destinations as per egress controls. Affected v...

7.7CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Talend Administration Center 安全漏洞

Talend Administration Center is a web-based application developed by Talend Corporation in the United States. It allows for centralized management of workspaces. Talend Administration Center has a security vulnerability that stems from stored XSS payloads. This vulnerability could be exploited by...

5.4CVSS5.8AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 9:53 p.m.36 views

CVE-2026-44194

The CVE-2026-44194 entry describes an authenticated RCE in OPNsense prior to version 26.1.8. The vulnerability arises in the local user synchronization flow (core/src/opnsense/scripts/auth/sync_user.php), where input validation can be bypassed by crafting a payload that looks like a valid email a...

9.1CVSS6.1AI score0.06355EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 5:14 p.m.7 views

CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

8.6CVSS5.8AI score0.00504EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/01 6:36 p.m.4 views

EUVD-2026-17927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 4:23 p.m.5 views

CVE-2026-4927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

6.5CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 2:54 p.m.18 views

CVE-2026-4927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/20 1:37 p.m.4 views

CVE-2026-26939

A flaw was found in Kibana. An authenticated attacker with rule management privileges could exploit a missing authorization vulnerability in the server-side Detection Rule Management. This allows the attacker to configure unauthorized endpoint response actions, such as host isolation, process...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 6:31 p.m.5 views

EUVD-2026-13143

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 6:16 p.m.4 views

CVE-2026-26939

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

6.5CVSS0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.7 views

PT-2026-6654

Name of the Vulnerable Software and Affected Versions Qdrant versions 1.9.3 through 1.15.5 Description Qdrant, a vector similarity search engine and vector database, contains a flaw where an attacker can append to arbitrary files via the /logger endpoint. This is possible due to an...

8.5CVSS6.2AI score0.0049EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.7 views

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...

6.2CVSS6.6AI score0.0008EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.4 views

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...

5.5CVSS6.6AI score0.00076EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-36033

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.10582EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-37689

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01456EPSS
Exploits0References2
OSV
OSV
added 2025/06/30 6:31 p.m.4 views

GHSA-V8FR-VXMW-6MF6 Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS7.1AI score0.00177EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/30 4:51 p.m.7 views

CVE-2025-46702 Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS0.00177EPSS
Exploits0References1
Rows per page
Query Builder