Lucene search
K

427 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-12274

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

6.1AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-61441 PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS0.00239EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42901

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS6.1AI score0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 9:16 p.m.24 views

CVE-2026-54601 FastGPT: reTrainingCollection allows server-owned datasetId override causing cross-tenant authorization confusion

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS0.00246EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/26 7:23 a.m.6 views

CVE-2026-53166

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53215

CVE-2026-53215 affects the Linux kernel mvpp2 driver: the RX path could return a descriptor buffer to the hardware Buffer Manager after it had been handed to XDP or an skb, allowing DMA into memory no longer owned by the RX ring. Root cause is improper handling of RX buffers in mvpp2_rx_refill() ...

9.8CVSS6AI score0.00546EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/06/13 3:16 a.m.25 views

CVE-2026-54228

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

7.8CVSS0.00103EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 10:55 p.m.12 views

CVE-2026-49482 ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

4.3CVSS5.5AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

7.1CVSS5.5AI score0.00226EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 9:47 p.m.14 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/06/04 9:43 p.m.17 views

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_40_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.2AI score0.03663EPSS
Exploits24References3
RedHat Linux
RedHat Linux
added 2026/06/04 9:24 p.m.12 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
EUVD
EUVD
added 2026/06/04 12:51 p.m.11 views

EUVD-2026-34257

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:51 p.m.12 views

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/03 4:14 p.m.8 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
OSV
OSV
added 2026/05/29 10:10 p.m.8 views

GHSA-6X26-5727-RRM9 Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wit...

6.4CVSS6AI score0.00182EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/23 4:3 p.m.95 views

wpsecscan

WPSecScan !testshttps://github.com/bryanflowers/wpsecscan...

6.1AI score
Exploits0
Rockylinux
Rockylinux
added 2026/05/23 6:0 a.m.54 views

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

7.8CVSS6.1AI score0.03663EPSS
Exploits17
OSV
OSV
added 2026/05/23 6:0 a.m.16 views

RLSA-2026:19666 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation LPE vulnerability in the Linux kernel CVE-2026-46300 kernel: Read root-owned fil...

7.8CVSS6.1AI score0.03663EPSS
Exploits17References3
Rows per page
Query Builder