Lucene search
K

1494 matches found

EUVD
EUVD
added 3 hours ago11 views

EUVD-2026-37897

Woodpecker gRPC agentid metadata can be spoofed- cross-tenant agent impersonation...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
Nuclei
Nuclei
added 14 hours ago49 views

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...

6.1CVSS6.8AI score0.02205EPSS
Exploits1References5
NVD
NVD
added 2 days ago7 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added 5 days ago15 views

ROOT-APP-MAVEN-CVE-2026-24734 CVE-2026-24734 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2026-24734 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00498EPSS
Exploits0
OSV
OSV
added 5 days ago3 views

ROOT-APP-MAVEN-CVE-2025-49125 CVE-2025-49125 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2025-49125 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.03163EPSS
Exploits0
OSV
OSV
added 5 days ago17 views

ROOT-APP-MAVEN-CVE-2026-42498 CVE-2026-42498 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2026-42498 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

7.3CVSS5.8AI score0.00548EPSS
Exploits0
OSV
OSV
added 5 days ago8 views

ROOT-APP-MAVEN-CVE-2025-48988 CVE-2025-48988 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2025-48988 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.54877EPSS
Exploits1
OSV
OSV
added 6 days ago30 views

ROOT-APP-MAVEN-CVE-2024-38827 CVE-2024-38827 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2024-38827 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

4.8CVSS6.7AI score0.00385EPSS
Exploits0
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-56246 Capgo - Cross-Organization Authorization Bypass via Scoped API Key Privilege Inheritance

Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...

8.1CVSS0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-56220 Capgo - Unauthorized Manifest Insertion via Read-Only Org Member

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS0.00203EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago8 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS6.2AI score0.00157EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/07 6:51 a.m.3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS6.9AI score0.0014EPSS
Exploits0References7
NVD
NVD
added 2026/07/07 6:16 a.m.10 views

CVE-2026-4375

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users...

9CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-22555

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.33 views

CVE-2026-22555 Gitea organization forks can expose organization secrets without create permission

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS0.00304EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40627

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...

8.7CVSS5.7AI score0.00341EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.9 views

CVE-2026-56333

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.10 views

CVE-2026-56327

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call a SECURITY DEFINER function with a publishable API key to...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56247

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.24 views

CVE-2026-56247 Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS0.00303EPSS
Exploits0References2
Rows per page
Query Builder