Lucene search
+L

244 matches found

The Hacker News
The Hacker News
added 2026/07/07 4:37 p.m.27 views

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/15 8:36 a.m.9 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 8:36 a.m.35 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.12 views

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5AI score0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49189

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/12 2:44 a.m.80 views

websec-skills

websec-skills Web Security Vulnerability Testing Skills Set,...

5.5AI score
Exploits0
CVE
CVE
added 2026/06/10 1:59 p.m.29 views

CVE-2026-45552

CVE-2026-45552 affects Roxy-WI web interface (versions up to 8.2.6.4). The install blueprint allows bp.before_request → @jwt_required(), but several endpoints under /install/* (install_exporter, install_waf, install_geoip, check_geoip, get_exporter_version, get_task_status) lack admin/ownership c...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6343

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/06/03 2:20 p.m.7 views

Security update for salt

This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...

8.7CVSS7.2AI score0.00375EPSS
Exploits0References16
SUSE Linux
SUSE Linux
added 2026/06/03 2:19 p.m.6 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00704EPSS
Exploits0References26
NVD
NVD
added 2026/05/21 8:16 a.m.17 views

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS0.00152EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.13 views

Mattermost doesn't check public/private permissions

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.12 views

Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/18 9:31 a.m.8 views

GHSA-M79Q-8QF5-V622 Mattermost doesn't check public/private permissions

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 9:31 a.m.26 views

GHSA-GVG4-JHMR-6J23 Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References4
NVD
NVD
added 2026/05/18 9:16 a.m.18 views

CVE-2026-6343

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 9:16 a.m.19 views

CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 8:32 a.m.14 views

EUVD-2026-30751

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 8:32 a.m.49 views

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:32 a.m.10 views

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder