Lucene search
+L

40 matches found

Cvelist
Cvelist
added 2026/07/07 6:38 p.m.33 views

CVE-2026-59708 Ghostfolio - Unauthorized Portfolio Data Exposure via Public Endpoint

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS0.00343EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 6:38 p.m.6 views

EUVD-2026-42074

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 6:38 p.m.6 views

CVE-2026-59708

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56233

Name of the Vulnerable Software and Affected Versions ghostfolio affected versions not specified Description The 'GET /api/v1/public/:accessId/portfolio' endpoint allows unauthenticated access to full portfolio data because it accepts private access IDs without validating granteeUserId filtering...

8.7CVSS6.1AI score0.00343EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/06 3:42 a.m.12 views

Malicious code in n8n-nodes-performance-metrics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf8fbf4cfd483a5fc72a3c3037f88de636f0732e3d591a09309e54faceff05 The package n8n-nodes-performance-metrics was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2026/01/06 3:42 a.m.3 views

Malicious Package

Overview n8n-nodes-performance-metrics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2026/01/06 3:42 a.m.4 views

Malicious Package

Overview n8n-performance-metrics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2026/01/06 3:42 a.m.5 views

EUVD-2026-1130

Malicious code in n8n-performance-metrics npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2026/01/06 3:42 a.m.4 views

EUVD-2026-1131

Malicious code in n8n-nodes-performance-metrics npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/06 3:42 a.m.7 views

Malicious code in n8n-performance-metrics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff33e7eec92ad0ad734fb7babcf427a9a5df69ba94b95c904c1ecfce32d5ef97 The package n8n-performance-metrics was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
OSV
OSV
added 2026/01/06 3:42 a.m.7 views

MAL-2026-69 Malicious code in n8n-performance-metrics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff33e7eec92ad0ad734fb7babcf427a9a5df69ba94b95c904c1ecfce32d5ef97 The package n8n-performance-metrics was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/05 12:0 a.m.10 views

Threat Detection in Social Media Networks Using Machine Learning Based Network Analysis

The accelerated development of social media websites has posed intricate security issues in cyberspace, where these sites have increasingly become victims of criminal activities including attempts to intrude into them, abnormal traffic patterns, and organized attacks. The conventional rule-based...

7AI score
Exploits0
OSV
OSV
added 2025/11/13 12:9 a.m.6 views

GHSA-7CX5-254X-CGRQ Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

6.9CVSS6.6AI score0.00407EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/13 12:9 a.m.10 views

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

6.9CVSS6.7AI score0.00407EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/12 11:45 a.m.4 views

BIT-PARSE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0, Parse...

6.9CVSS6.6AI score0.00407EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.6 views

kernel: perf/x86/intel: Fix crash in icl_update_topdown_event()

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in iclupdatetopdownevent The perffuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23...

5.5CVSS5.7AI score0.00155EPSS
Exploits0References5
NVD
NVD
added 2025/11/10 10:15 p.m.6 views

CVE-2025-64502

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS0.00407EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.9 views

Sensing Security in Near-Field ISAC: Exploiting Scatterers for Eavesdropper Deception

In this paper, we explore sensing security in near-field NF integrated sensing and communication ISAC scenarios by exploiting known scatterers in the sensing scene. We propose a location deception LD scheme where scatterers are deliberately illuminated with probing power that is higher than that...

6.5AI score
Exploits0
Snyk
Snyk
added 2025/10/09 11:45 p.m.4 views

Malicious Package

Overview kpi-media-metrics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20924

Malicious code in bioql PyPI...

8.6AI score0.00155EPSS
Exploits0References6
Rows per page
Query Builder