Lucene search
K

629 matches found

EUVD
EUVD
added 2026/03/30 6:31 p.m.4 views

EUVD-2026-17115

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.9AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 6:16 p.m.9 views

CVE-2026-33028

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms Mutex and non-atomic file writes, concurrent requests lead to the severe corruption of the prima...

7.5CVSS0.00534EPSS
Exploits1References2
NVD
NVD
added 2026/03/30 4:16 p.m.8 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 3:28 p.m.4 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.4 views

PT-2026-29047

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.2 MongoDB Server versions 8.0.18 through 8.0.18 MongoDB Server versions 7.0.31 through 7.0.31 Description A user with limited privileges within a cluster can cause a mongod process to crash when the cluster...

6CVSS5.9AI score0.00203EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS5.8AI score0.01192EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/19 9:17 p.m.5 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS5.8AI score0.01192EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 8:23 p.m.27 views

CVE-2026-27953

Summary: CVE-2026-27953 affects ormar (Python)

9.8CVSS5.8AI score0.01192EPSS
Exploits1References9Affected Software1
EUVD
EUVD
added 2026/03/19 4:27 p.m.9 views

EUVD-2026-13198

ormar Pydantic Validation Bypass via pkonly and excluded Kwargs Injection in Model Constructor...

7.1CVSS5.8AI score0.01192EPSS
Exploits1References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 12:24 p.m.10 views

Malicious code in @bingads-webui-cc-react/edit-primary-contact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8db2de62135603996e4dfafbfd49878df32f1d35291bd473c636cef7b7303f6 The package @bingads-webui-cc-react/edit-primary-contact was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 12:24 p.m.6 views

MAL-2026-1587 Malicious code in @bingads-webui-cc-react/edit-primary-contact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8db2de62135603996e4dfafbfd49878df32f1d35291bd473c636cef7b7303f6 The package @bingads-webui-cc-react/edit-primary-contact was found to contain malicious code...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

NewStart CGSL MAIN 6.06 (SP) : docker-ce Vulnerability (NS-SA-2026-0028)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set ...

6.3CVSS7.4AI score0.00837EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/05 11:23 a.m.3 views

Authentication Bypass by Primary Weakness

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the SAML Identity Provider authentication process when it is...

8.6CVSS5.8AI score0.00413EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005743 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit...

5.5CVSS6.7AI score0.00137EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/04 6:31 p.m.4 views

EUVD-2026-9413

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

5.4CVSS5.8AI score0.00084EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 4:7 p.m.14 views

CVE-2026-23601

CVE-2026-23601 describes a vulnerability in the wireless encryption handling of Wi‑Fi transmissions. A malicious actor can generate shared-key authenticated transmissions that impersonate a primary BSSID, delivering targeted, tampered data to specific endpoints and bypassing standard cryptographi...

5.4CVSS5.8AI score0.00084EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22941

Name of the Vulnerable Software and Affected Versions Wi-Fi affected versions not specified Description A security issue exists in how Wi-Fi handles wireless encryption during transmissions. An attacker can create specially crafted, authenticated transmissions that appear to come from a trusted...

5.4CVSS5.8AI score0.00084EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005402)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005402 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit...

5.5CVSS5.9AI score0.00137EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.5 views

CVE-2026-27839

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...

4.3CVSS6AI score0.0026EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/26 10:15 p.m.7 views

wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup

Summary Three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition plan data, including caloric intake and full macro breakdown, by supplying an arbitra...

4.3CVSS5.5AI score0.0026EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder