Lucene search
K

972 matches found

CVE
CVE
added 2026/04/07 5:9 p.m.7 views

CVE-2026-22682

OpenHarness CVE-2026-22682 affects the built-in file tools. The root cause is inconsistent parameter handling in permission enforcement, specifically that the path parameter is not passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools. This allows attackers ...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.2 views

PT-2026-30930

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.10 views

VulnCheck KEV: CVE-2024-11868

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

5.3CVSS5.8AI score0.01131EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.3 views

CVE-2026-3210

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.3 views

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS6AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.3 views

EUVD-2026-15465

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...

6.5CVSS5.8AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 4:16 p.m.5 views

CVE-2026-3210

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...

5.3CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 3:21 p.m.2 views

CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...

5.8AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 3:21 p.m.21 views

CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...

0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 3:21 p.m.11 views

CVE-2026-3210

CVE-2026-3210 relates to an Incorrect Authorization vulnerability in the Drupal Material Icons module, allowing forceful browsing. Affected software: Drupal Material Icons versions prior to 2.0.4. Root cause: insufficiently restricted permissions on CKEditor-related routes (dialog and autocomplet...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.3 views

SUSE CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Drupal Material Icons 安全漏洞

Drupal Material Icons is a module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal Material Icons prior to 2.0.4 contained security vulnerabilities, which were caused by improper authorization and could lead to forced browsing...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 4:24 a.m.25 views

CVE-2026-32953

Tillitis TKey Client (Go module tkeyclient) versions

4.7CVSS5.9AI score0.00246EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/19 8:46 p.m.5 views

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator PRNG via induced transient faults in the Keccak-based expansion process. An attacker can compromise key material and cryptographic outcomes by physically manipulating seed or...

5.7CVSS5.8AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/17 3:36 p.m.3 views

EUVD-2026-12574

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
Exploits0References2
NVD
NVD
added 2026/03/17 3:16 p.m.2 views

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS0.00362EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 2:48 p.m.3 views

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 2:48 p.m.18 views

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS0.00362EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 2:48 p.m.8 views

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
Exploits0References2
Rows per page
Query Builder