Lucene search
K

233 matches found

OSV
OSV
added 3 days ago3 views

ROOT-OS-UBUNTU-2204-CVE-2024-57945 CVE-2024-57945 in rootio-linux - Patched by Root

Root has patched CVE-2024-57945 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.1CVSS7.6AI score0.00208EPSS
Exploits0
CVE
CVE
added 2026/06/26 7:39 p.m.12 views

CVE-2026-44732

OpenProject vulnerability CVE-2026-44732 affects the web-based project management tool prior to versions 17.3.2 and 17.4.0. The flaw occurs in the /api/v3/documents/{id} PATCH endpoint, where attacker-controlled attributes are applied to the persisted record before authorization checks, allowing ...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:59 p.m.6 views

CVE-2026-52782

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/projectstorages/ via PATCH parameter "storagesprojectstorageprojectfolderid" leads to Access to Unauthorized Resources. A project-admin in one project can...

9.9CVSS5.7AI score0.00258EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 6:59 p.m.18 views

CVE-2026-52782

OpenProject versions prior to 17.3.3 and 17.4.1 are affected by an IDOR in /projects//settings/project_storages/ via PATCH parameter storages_project_storage[project_folder_id], allowing a project-admin to hijack another project’s managed Nextcloud/OneDrive folder on the same storage. The vulnera...

9.9CVSS5.7AI score0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 11:16 p.m.8 views

CVE-2026-48493

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

5.5CVSS0.00182EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 10:12 p.m.9 views

Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Impact A user with only users.edit AND api permissions can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. Patches Patched in...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/14 4:16 a.m.5 views

UBUNTU-CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/14 3:49 a.m.7 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.2AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46390

Name of the Vulnerable Software and Affected Versions IRIS versions prior to 2.4.28 Description IRIS is a web collaborative platform designed for incident responders to share technical details during investigations. The software is susceptible to a cross-site request forgery attack, which occurs...

4.3CVSS5.3AI score0.00174EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 12:39 p.m.13 views

CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

9.3CVSS5.8AI score0.00425EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/26 7:29 p.m.33 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.7CVSS0.00314EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.13 views

PT-2026-42827

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions 2026.2.0-rc1 through 2026.2.2 Description The 'PATCH /api/v3/core/users/pk/' API allows a caller with change user permissions on a target user to assign arbitrary groups via...

8.1CVSS6AI score0.00392EPSS
Exploits0References10
NVD
NVD
added 2026/05/04 5:16 p.m.10 views

CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS0.00144EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 5:56 p.m.4 views

EUVD-2026-21524

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

9.1CVSS6.1AI score0.01527EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 4:50 p.m.6 views

JLSEC-2026-17

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

9.3CVSS7.1AI score0.0453EPSS
Exploits0References30
OSV
OSV
added 2026/03/31 4:50 p.m.6 views

JLSEC-2026-18

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

5.5CVSS6.8AI score0.00998EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 6:27 p.m.6 views

CVE-2026-32318 Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...

7.6CVSS5.8AI score0.00078EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.13 views

PT-2026-25857

Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser has a flaw in its handling of TUS resumable uploads. The software parses the 'Upload-Length' header as a signed 64-bit integer without verifying that the value is non-negative. Th...

9.9CVSS6.3AI score0.02502EPSS
Exploits18References151
NVD
NVD
added 2026/03/05 8:16 p.m.6 views

CVE-2026-28790

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

7.5CVSS0.0065EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/27 8:19 p.m.7 views

EUVD-2026-9065

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

4.9CVSS6AI score0.01607EPSS
Exploits0References1
Rows per page
Query Builder