Lucene search
K

4609 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33226

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...

8.7CVSS5.9AI score0.00367EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 2:16 p.m.6 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 2:16 p.m.12 views

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

6.5CVSS0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 2:16 p.m.7 views

DEBIAN-CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

6.5CVSS5.4AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 2:16 p.m.2 views

UBUNTU-CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:36 p.m.3 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/26 1:36 p.m.3 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.8AI score0.00249EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/26 1:23 p.m.20 views

CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

0.0021EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-52204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter CVE-2025-52204 Note tha...

6.1CVSS5.8AI score0.00292EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentiall...

7.1CVSS4.8AI score0.00205EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/03/25 10:53 p.m.7 views

CVE-2026-25075 affecting package strongswan for versions less than 5.9.14-9

CVE-2026-25075 affecting package strongswan for versions less than 5.9.14-9. A patched version of the package is available...

8.7CVSS5.8AI score0.01013EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/03/25 9:11 p.m.2 views

CVE-2026-30976 Sonarr Path Traversal vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

8.6CVSS5.8AI score0.00669EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 9:8 p.m.4 views

CVE-2026-30975 Sonarr Authentication Bypass vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses Authentication Required set to: Disabled for Local Addresses without a reverse proxy running in front of Sonarr tha...

8.1CVSS5.8AI score0.00466EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 9:8 p.m.4 views

CVE-2026-30975 Sonarr Authentication Bypass vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses Authentication Required set to: Disabled for Local Addresses without a reverse proxy running in front of Sonarr tha...

8.1CVSS5.9AI score0.00466EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/25 5:48 p.m.6 views

EUVD-2026-14486

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification...

8.8CVSS5.8AI score0.00172EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.7 views

SUSE CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7996: Fix possible oob access in mt7996macwritetxwi80211 Check frame length before accessing the mgmt fields in mt7996macwritetxwi80211 in order t...

7.1CVSS6.1AI score0.00125EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

9.8CVSS7.8AI score0.00461EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-4707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbi...

7.5CVSS7.8AI score0.00577EPSS
Exploits0References2
Rows per page
Query Builder