Lucene search
+L

31194 matches found

EUVD
EUVD
added 15 hours ago6 views

EUVD-2026-45080

Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local files, access process information, or pivot to...

8.4CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-43978

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS0.00026EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday26 views

CVE-2026-44176 Kirby: `pages.access` permission is not checked during rendering of page drafts

Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the pages.access permission during page draft rendering. Permissions are defined for each user role in the user blueprint site/blueprints/users/.... It is also possible to customize the permissions f...

6CVSS0.00033EPSS
Exploits0References2
CVE
CVE
added yesterday25 views

CVE-2026-44176

Kirby CMS vulnerability CVE-2026-44176 affects pre-4.9.1 and pre-5.4.1 releases where the path resolver could render page drafts without enforcing pages.access, potentially exposing sensitive draft content to authenticated users who know the full draft path. Root cause: page draft rendering bypas...

6CVSS6.1AI score0.00033EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday5 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6.7AI score0.00292EPSS
Exploits0References8
Nuclei
Nuclei
added yesterday101 views

JumpServer > 3.6.4 - Information Disclosure

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

8.2CVSS6.7AI score0.55861EPSS
Exploits5References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-44880

The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, whic...

2.7CVSS6.1AI score0.00132EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-47082

CVE-2026-47082 affects Cyrus IMAP (cyrus-imapd) up to version 3.12.2. The vacation Sieve option :fcc ignores destination mailbox ACLs, allowing a user’s vacation auto-replies to be delivered to any mailbox named by the script, even if the user lacks insert permissions on that mailbox. The issue i...

5.4CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago8 views

CVE-2026-33684

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-33684 AVideo's Privilege AVideo: Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS0.00329EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-33684

Summary: CVE-2026-33684 affects WWBN AVideo prior to 29.0. The set_api_signUp API path accepts and applies user-supplied emailVerified, canUpload, canStream, and canCreateMeet values to new accounts without confirming a valid APISecret, enabling CAPTCHA-solved (anonymous) or APISecret-authenticat...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-45535 DataEase: Stored SQL Injection Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...

8.7CVSS0.00248EPSS
Exploits0References3
CVE
CVE
added 2 days ago10 views

CVE-2026-45535

DataEase (open source data visualization/analysis tool) contains a stored SQL injection in SQL-type datasets prior to version 2.10.23. The vulnerability arises because attacker-controlled SQL variable defaultValue entries (e.g., ${var}) are stored and SqlparserUtils.handleVariableDefaultValue() i...

8.7CVSS6.1AI score0.00248EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2025-32781

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS6.1AI score0.00415EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2 days ago15 views

CVE-2025-32781

CVE-2025-32781 affects Apollo Portal prior to 2.5.0, where an authenticated user can request a release by ID (GET /envs/{env}/releases/{releaseId}) with configView.memberOnly.envs enabled and read configuration data from other applications/namespaces. Root cause: missing application/namespace per...

6.5CVSS6.1AI score0.00415EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-62843 File Browser: Archive builder turns backslash filenames into path traversal (zip-slip)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44707

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-61836

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS0.00277EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-61836 Directus: Authorization-dependent response served from unsegmented cache key

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS0.00277EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-61836

CVE-2026-61836 affects Directus: prior to 12.0.0, the cache-key derivation in api/src/utils/get-cache-key.ts used version, path, query, and accountability.user but omitted authorization context (share, role, roles, admin, app, policies). This allows Directus share tokens and anonymous requests to...

8.6CVSS6.1AI score0.00277EPSS
Exploits0References4
Rows per page
Query Builder