Lucene search
K

801 matches found

EUVD
EUVD
added 2026/04/09 6:31 p.m.3 views

EUVD-2026-20930

A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The...

5.3CVSS5.6AI score0.00259EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 7:20 p.m.18 views

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

5.5CVSS0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 7:20 p.m.2 views

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

5.5CVSS6AI score0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 7:20 p.m.10 views

CVE-2026-35477

CVE-2026-35477 affects InvenTree (1.2.3–1.2.6) where the PART_NAME_FORMAT validator used jinja2.sandbox.SandboxedEnvironment, but the actual renderer in part/helpers.py still used non-sandboxed jinja2.Environment. The validator also used a dummy Part with pk=None, creating a mismatch between vali...

9.9CVSS6.2AI score0.00259EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/08 3:8 p.m.4 views

MINI-3FXM-PFX4-242P

Bulletin has no description...

5.7AI score
Exploits0
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.30 views

CVE-2026-39592 WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...

4.3CVSS0.00165EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/08 12:15 a.m.7 views

RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenan...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31434

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART NAME FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

8.8CVSS6.2AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2026/04/07 7:16 p.m.5 views

CVE-2026-39360

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

5.3CVSS0.00201EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 6:58 p.m.2 views

CVE-2026-39360

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 6:58 p.m.21 views

CVE-2026-39360

RustFS contains an authorization bypass in the multipart copy path (UploadPartCopy) prior to alpha.90. A low-privileged user who cannot read objects from a victim bucket can exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload, breaking ...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.10 views

PT-2026-30978

Name of the Vulnerable Software and Affected Versions RustFS versions prior to alpha.90 Description RustFS, a distributed object storage system built in Rust, had a missing authorization check in the multipart copy path UploadPartCopy before version alpha.90. This allowed a low-privileged user,...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References5
Circl
Circl
added 2026/04/06 9:21 p.m.9 views

GHSA-CPF3-FXWG-CWR3

creationtimestamp| type| source ---|---|--- 2026-04-06 21:21:26+00:00| published-proof-of-concept| Telegram/xKxKUYX0BRejEqYlrURXsjCQY9BctYcoeewNmSMWqY7riM...

4.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.3 views

CVE-2026-5577

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

8.6CVSS6.7AI score0.00376EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 2:1 p.m.5 views

MINI-44R8-M2M6-HC35

Bulletin has no description...

7.5CVSS5.9AI score0.00475EPSS
Exploits0
OSV
OSV
added 2026/04/03 1:45 p.m.3 views

MINI-QM29-P4VQ-WGJP

Bulletin has no description...

7.5CVSS5.9AI score0.00209EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.6 views

Wisp 安全漏洞

Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 0.2.0 to 2.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in multi-part form parsing that bypassed resource limits,...

8.7CVSS5.8AI score0.00622EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/29 7:0 a.m.33 views

CVE-2026-5035 code-projects Accounting System Parameter view_work.php sql injection

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /viewwork.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00389EPSS
Exploits1References5
OSV
OSV
added 2026/03/23 8:0 p.m.2 views

MINI-2FGM-36MG-RG8X

Bulletin has no description...

7.5CVSS6.8AI score0.91969EPSS
Exploits1
OSV
OSV
added 2026/03/23 4:45 a.m.5 views

MINI-576V-R3JH-26W2

Bulletin has no description...

7CVSS7AI score0.00157EPSS
Exploits0
Rows per page
Query Builder