Lucene search
K

1099 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-59853

SiYuan prior to 3.7.1 exposes saved search criteria via /api/storage/getCriteria without publish-access filtering, enabling a publish-mode Reader to read private document paths, notebooks, documents, and block IDs, and to search/replace keywords for unpublished documents. This reflects a data-exp...

6.5CVSS6AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-59853 SiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS0.00235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2 days ago3 views

JetBrains YouTrack < 2026.2.16593 Multiple Vulnerabilities

The version of JetBrains YouTrack installed on the remote host is prior to 2026.2.16593. It is, therefore, affected by multiple vulnerabilities, including: - The websandbox bridge was vulnerable to a prototype pollution attack. CVE-2026-57926 - Improper access control allowed reading users' priva...

9.8CVSS6.1AI score0.00178EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42128

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-48588 Potential exposure of private data via cached Set-Cookie response

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS0.00375EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42043

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS6AI score0.00375EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-48588

CVE-2026-48588 affects Django 6.0 before 6.0.7 and 5.2 before 5.2.16. The issue arises in UpdateCacheMiddleware and the cache_page() decorator, which cache responses that vary on cookies when unrelated cookies are present, allowing remote attackers to read private data from the shared cache. Earl...

5.3CVSS6AI score0.00375EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 4 days ago3 views

CVE-2026-48588

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

5.3CVSS5.9AI score0.00375EPSS
Exploits0
The Hacker News
The Hacker News
added 4 days ago18 views

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence AI platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/03 9:17 p.m.7 views

CVE-2026-58297

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...

7.1CVSS0.00309EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.39 views

CVE-2026-27771 Gitea Composer package source links use insufficient permission checks

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS0.40738EPSS
Exploits1References4
CVE
CVE
added 2026/07/03 8:19 p.m.19 views

CVE-2026-24451

Gitea 1.26.2 has an information exposure vulnerability where fork synchronization continues after the parent repo switches from public to private, allowing a fork to access data it should not be authorized to see. Connected sources identify this as affecting Gitea components through the fork sync...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.38 views

CVE-2026-24451 Gitea fork synchronization can expose private parent repository data

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

0.00482EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.6 views

Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.9AI score0.00303EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.5 views

Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.9AI score0.00309EPSS
Exploits0
NVD
NVD
added 2026/07/02 9:16 p.m.5 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:10 p.m.13 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:10 p.m.6 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 8:10 p.m.34 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:10 p.m.7 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder