Lucene search
K

35 matches found

CVE
CVE
added 5 days ago5 views

CVE-2026-56279

Capgo before 12.128.2 is affected by an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users’ organization membersh...

8.7CVSS6.2AI score0.00313EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 6:38 p.m.33 views

CVE-2026-59708 Ghostfolio - Unauthorized Portfolio Data Exposure via Public Endpoint

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS0.00343EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 6:38 p.m.10 views

CVE-2026-59708

Ghostfolio suffers an unauthorized data exposure via GET /api/v1/public/:accessId/portfolio. The endpoint accepts private access IDs without granteeUserId filtering, enabling unauthenticated retrieval of full portfolio data (holdings, quantities, buy prices, performance metrics). Impact is confid...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 6:38 p.m.6 views

EUVD-2026-42074

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/07 6:38 p.m.4 views

CVE-2026-59708 Ghostfolio - Unauthorized Portfolio Data Exposure via Public Endpoint

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56233

Name of the Vulnerable Software and Affected Versions ghostfolio affected versions not specified Description The 'GET /api/v1/public/:accessId/portfolio' endpoint allows unauthenticated access to full portfolio data because it accepts private access IDs without validating granteeUserId filtering...

8.7CVSS6.1AI score0.00343EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/22 9:4 p.m.8 views

EUVD-2026-38372

Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...

6.9CVSS5.9AI score0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50160

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description On Windows, a mismatch exists between how Caddy path matchers and the file server handle request paths. The MatchPath.MatchWithError function compares the r.URL.Path using URL path semantics and does...

7.5CVSS7.3AI score0.00409EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/04 9:31 a.m.6 views

EUVD-2026-9370

An unauthenticated Remote Code Execution RCE vulnerability exists in the SNMP service of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP age...

10CVSS6.3AI score0.01199EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/11/12 12:0 a.m.6 views

TOR Virtual Network Tunneling Tool 0.4.8.20

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-33899

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0088EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can acces...

7.1CVSS6.4AI score0.01164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/20 7:31 p.m.4 views

CVE-2023-5600 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-des...

3.1CVSS4.3AI score0.00229EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:52 a.m.7 views

CVE-2024-41806

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.7AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.10 views

CVE-2022-29564

Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801...

7.5CVSS6.9AI score0.0088EPSS
Exploits0References1
Citrix
Citrix
added 2024/01/19 12:0 a.m.8 views

"Not entitled" error when accessing Device Posture in SPA service

User may face the following error when accessing Device Posture in SPASecure Private Access service...

7.1AI score
Exploits0
OSV
OSV
added 2023/11/21 11:15 a.m.5 views

CVE-2023-28802

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149...

5.4CVSS5.8AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/21 12:0 a.m.5 views

Zscaler Client Connector Security Vulnerability

Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A security...

5.4CVSS6.5AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/21 12:0 a.m.6 views

PT-2023-21978

Name of the Vulnerable Software and Affected Versions Zscaler Client Connector versions prior to 4.2.0.149 Description An issue with improper validation of integrity check values in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service...

5.4CVSS5.5AI score0.00227EPSS
Exploits0References6
Microsoft Secure
Microsoft Secure
added 2023/07/11 4:0 p.m.27 views

Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID

A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between...

7.4AI score
Exploits0
Rows per page
Query Builder