Lucene search
+L

1084498 matches found

nvd
nvd
added 23 minutes ago2 views

CVE-2026-63085

Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrictions on nested relational save operations. Attackers can modify sensitive User record fields such...

8.8CVSS
Exploits0References3
nvd
nvd
added 23 minutes ago1 views

CVE-2026-55548

Yamcs is a mission control framework. Prior to 5.12.8 and 5.13.2, the PacketsApi.exportPackets endpoint in yamcs-core/src/main/java/org/yamcs/http/api/PacketsApi.java failed to enforce object-level ReadPacket privileges when a request omitted specific packet names: with an empty name list the...

4.3CVSS
Exploits0References5
attackerkb
attackerkb
added 36 minutes ago2 views

CVE-2026-46336

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/modelfile.rb uses the user-controlled...

7.1CVSS0.00051EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 37 minutes ago1 views

CVE-2026-15737

AWS Bedrock AgentCore Python SDK is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform. Unintended logging of sensitive user content in the OpenTelemetry instrumentation in AWS Bedrock AgentCore Python SDK versions 1.4.8 and...

5.7CVSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 37 minutes ago1 views

CVE-2026-45336

HireFlow is a web-based interview management system for managing candidates, scheduling interviews, and tracking hiring progress. In 1.2 and earlier, app.py assigns a hard-coded Flask secretkey used to sign session cookies, allowing unauthenticated attackers who know the public source value to...

10CVSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 39 minutes ago2 views

CVE-2026-46687

Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from apicontroller.php without validation, and logcontroller.php later checks fileexists and calls include View::getView$template, allowing an...

7.7CVSS0.00177EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 41 minutes ago1 views

CVE-2026-46686

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS0.0003EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 46 minutes ago1 views

CVE-2026-46341

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...

6.1CVSS0.00045EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 48 minutes ago2 views

CVE-2026-45367

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.7, the FHIRPathEngine implementation passes user-controlled regular expressions from matches, matchesFull, and replaceMatches to Java regex operations without effective timeouts,...

7.5CVSS0.00086EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 50 minutes ago2 views

CVE-2026-10590

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler...

6.7CVSS
Exploits0References2
attackerkb
attackerkb
added 50 minutes ago1 views

CVE-2026-10589

A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode...

6.8CVSS
Exploits0References2
attackerkb
attackerkb
added 50 minutes ago1 views

CVE-2026-10588

A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory...

6.7CVSS
Exploits0References2
attackerkb
attackerkb
added 50 minutes ago1 views

CVE-2026-10587

A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode...

6.8CVSS
Exploits0References2
attackerkb
attackerkb
added 51 minutes ago1 views

CVE-2026-14371

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...

8.8CVSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 51 minutes ago1 views

CVE-2026-13104

A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS
Exploits0References2
attackerkb
attackerkb
added 51 minutes ago1 views

CVE-2026-13103

A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code...

7.3CVSS
Exploits0References2
attackerkb
attackerkb
added 51 minutes ago2 views

CVE-2026-9046

A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...

7.3CVSS
Exploits0References2
attackerkb
attackerkb
added 52 minutes ago1 views

CVE-2026-6511

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS
Exploits0References3
attackerkb
attackerkb
added 54 minutes ago1 views

CVE-2026-45576

zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, zrok2 copy stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the source inventory and passes them to FilesystemTarget.WriteStream, allowing the sync pipeline to write...

8.3CVSS0.00061EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 55 minutes ago1 views

CVE-2026-45568

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...

9.9CVSS0.00061EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder