EUVD
added 2 hours ago, 6 views

EUVD-2026-40453

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 3
EUVD
added 2 hours ago, 4 views

EUVD-2026-40454

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 3
EUVD
added 2 hours ago, 3 views

EUVD-2026-40695

Insufficient policy enforcement in PermissionsPolicy in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0, References: 3
EUVD
added 2 hours ago, 3 views

EUVD-2026-40684

Inappropriate implementation in Permissions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0, References: 3
CVE
added yesterday, 3 views

CVE-2026-13996

CVE-2026-13996 affects Google Chrome prior to 150.0.7871.47, where an incorrect implementation in the Permissions UI could allow a remote attacker to perform UI spoofing via a crafted HTML page. The underlying issue is an inappropriate permissions UI implementation, enabling spoofed UI elements t...

AI score 5.8
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-57995

phpMyFAQ

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-56300

Capgo before 12.128.2 is affected by CVE-2026-56300 due to unauthenticated security definer RPCs (get_user_id, get_org_perm_for_apikey) that expose API key validity and user UUIDs. Attackers with a public API key can validate leaked keys, enumerate users and apps, and infer permission levels, inc...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 2
EUVD
added yesterday, 4 views

EUVD-2026-40361

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing check_object_permissions call on the parent_id query parameter ...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 4
CVE
added yesterday, 7 views

CVE-2026-14209

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided Connected documents. Monitor for updates.

CVSS 4.3, AI score 5.7
Exploits: 0, References: 2
EUVD
added yesterday, 5 views

EUVD-2026-40299

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3, AI score 5.7
Exploits: 0, References: 2
Cvelist
added yesterday, 11 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3
Exploits: 0, References: 2
RedhatCVE
added yesterday, 6 views

CVE-2026-14209

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3, AI score 5.6
Exploits: 0, References: 3
EUVD
added yesterday, 5 views

EUVD-2026-40234

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

CVSS 6.3, AI score 5.8, EPSS 0.00162
Exploits: 0, References: 5
Cvelist
added 2 days ago, 21 views

CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

CVSS 6.3, EPSS 0.00162
Exploits: 0, References: 4
NVD
added 2 days ago, 7 views

CVE-2026-43713

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data...

CVSS 6.5, EPSS 0.00168
Exploits: 0, References: 3
CVE
added 2 days ago, 6 views

CVE-2026-43713

CVE-2026-43713 concerns a permissions issue in Safari/WebKit that could allow leakage of sensitive data when visiting a website. The public advisories indicate the fix is in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Connected documents explicitly describe the vulnerability...

CVSS 6.5, AI score 5.8, EPSS 0.00168
Exploits: 0, References: 3, Affected Software: 4
Cvelist
added 2 days ago, 19 views

CVE-2026-43713

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data...

EPSS 0.00168
Exploits: 0, References: 3
Nuclei
added 2 days ago, 33 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in BIQS IT Biqs-drive v1.83 and below when a specific payload is sent as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

CVSS 7.5, AI score 7.2, EPSS 0.08449
Exploits: 1, References: 5
Veeam
added 2 days ago, 5 views

Release Information for Veeam Backup for Microsoft 365 8.5

Requirements: This release can be used to upgrade an existing v8, v8.1, v8.2, v8.3, or v8.4 deployment of Veeam Backup for Microsoft 365 to v8.5, or to install a new deployment of Veeam Backup for Microsoft 365 v8.5. After installing this release, the Veeam Backup for Microsoft 365 build number will be...

AI score 5.7
Exploits: 0, Affected Software: 1
Nuclei
added 3 days ago, 46 views

Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization

Atlassian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifyi...

CVSS 5.3, AI score 6.3, EPSS 0.12719
Exploits: 0, References: 2