Lucene search
K

630 matches found

Nuclei
Nuclei
added yesterday90 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
NVD
NVD
added 5 days ago8 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS0.00309EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score0.00309EPSS
Exploits0References10Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-44787

Discourse exposes a flaw in signup: before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a new user could set primary_group_id and gain whisper-group privileges when whispers_allowed_groups is configured. This is fixed in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The CVSS 3.1 base score ...

8.2CVSS6AI score0.00309EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-44787 Discourse: Signup-time primary_group_id assignment grants whisperer access

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS0.00309EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56993

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The signup flow allows newly registered users to set the primary group id variable...

8.2CVSS6.1AI score0.00309EPSS
Exploits0References12
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-27657

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

7.5CVSS0.00345EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.5 views

EUVD-2026-41632

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

5.9AI score0.00345EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.14 views

CVE-2026-27657

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

5.9AI score0.00345EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 8:19 p.m.10 views

CVE-2026-27657

CVE-2026-27657 affects Gitea prior to 1.25.5. The issue arises in the email settings workflow where a user can alter another user’s primary email address, described as an Authorization Bypass Through User-Controlled Key. Affected evidence in connected sources indicates the root cause is insuffici...

7.5CVSS5.9AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.36 views

CVE-2026-27657 Gitea email settings allow changing another user's primary email address

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

0.00345EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-27657 Gitea email settings allow changing another user's primary email address

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

7.5CVSS5.9AI score0.00345EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/03 8:18 a.m.7 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the STARTTLS process. An attacker can compromise the security of the TLS connection by exploiting a scenario where a new transfer reuses an existing live connection despite a mismatch in TLS...

9.1CVSS6AI score0.0052EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:8 a.m.7 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure...

5.3CVSS6AI score0.0016EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 8:8 a.m.38 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. Affects Dell Client Platform BIOS; root cause and remediation details ar...

5.3CVSS6AI score0.0016EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55600

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description A flaw allows a user to change the primary email address of another user. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/29 12:31 a.m.9 views

EUVD-2026-40004

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8
NVD
NVD
added 2026/06/28 10:16 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS0.00138EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 9:30 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder