Lucene search
K

848 matches found

OSV
OSV
added 2026/04/08 9:17 p.m.2 views

DEBIAN-CVE-2026-39860

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...

8.4CVSS5.7AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 8:58 p.m.4 views

EUVD-2026-20626

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...

9CVSS6AI score0.00586EPSS
Exploits1References6
CVE
CVE
added 2026/04/08 8:58 p.m.45 views

CVE-2026-39860

CVE-2026-39860 affects Nix, via a bug in the fix for CVE-2024-27297 that allowed arbitrary overwrites of files writable by the Nix build orchestrator (typically the root-running Nix daemon in multi-user setups) by following symlinks during fixed-output derivation output registration. Impact is li...

9CVSS6AI score0.00193EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.5 views

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 6:16 p.m.5 views

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:31 p.m.3 views

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 5:31 p.m.3 views

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3
CVE
CVE
added 2026/04/02 5:31 p.m.8 views

CVE-2026-34584

The CVE affects listmonk (standalone, self-hosted newsletter/mailing list app). From version 4.1.0 up to, but not including, 6.1.0, bugs in list permission checks allow users in multi-user environments to access lists they should not access. This could expose restricted lists under different scen...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/02 5:31 p.m.4 views

EUVD-2026-18450

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/02 5:31 p.m.18 views

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS0.00171EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

listmonk 安全漏洞

ListMonk is a high-performance, self-hosted newsletter and mailing list manager developed by Kailash Nadh. Versions of ListMonk from 4.1.0 to 6.1.0 had security vulnerabilities due to defects in list permission checks. These vulnerabilities could allow users in multi-user environments to access...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29854

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References4
NVD
NVD
added 2026/03/30 6:16 p.m.14 views

CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

9.9CVSS0.0028EPSS
Exploits1References1
OSV
OSV
added 2026/03/30 5:58 p.m.5 views

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

8.8CVSS5.9AI score0.0028EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/30 5:58 p.m.19 views

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

8.8CVSS0.0028EPSS
Exploits1References1
OSV
OSV
added 2026/03/30 4:41 p.m.5 views

GHSA-5HF2-VHJ6-GJ9M nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Summary Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without...

8.8CVSS5.9AI score0.0028EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.2 views

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

8.2CVSS5.9AI score0.00253EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.4 views

PT-2026-29091

Nginx-UI and Affected Versions Nginx-UI versions 2.3.3 and prior Description Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a us...

9.9CVSS5.9AI score0.60368EPSS
Exploits18References49
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.4 views

SUSE CVE-2026-29188

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create...

9.1CVSS5.8AI score0.00487EPSS
Exploits1References3
Rows per page
Query Builder