Lucene search
+L

121 matches found

OSV
OSV
added 2026/07/06 12:0 a.m.3 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 8:34 p.m.7 views

CVE-2026-50132 Budibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in Budibase

Budibase is an open-source low-code platform. Prior to 3.39.0, GET /api/chat-links/:instance/:token/handoff is a public endpoint no auth required that performs a permanent, state-changing operation: it binds an external chat identity Slack/Discord/MS Teams to an authenticated Budibase user accoun...

7.3CVSS5.9AI score0.00192EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/25 6:1 p.m.8 views

EUVD-2026-39515

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References2
NVD
NVD
added 2026/06/24 9:16 p.m.11 views

CVE-2026-52800

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be add...

8.8CVSS0.00248EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: procfs: Fixed a missing RCU protection when reading realparent in dotaskstat. When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection. This leads to the following sequence of events: cpu 0 c...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/18 2:31 p.m.14 views

Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets

Summary An authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the admin's bcrypt password hash and email, plus user/config/ with all site configuration. The download endpoint requires...

6.8CVSS6.1AI score0.00174EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/15 10:2 a.m.22 views

CVE-2026-34021

The CVE-2026-34021 entry concerns Wertheim SafeController 5400 (Controller 5400) with AssemblyVersion 6.11.8130.22320. The root cause is lack of cryptographic protection in RS-485 communications between the server and the microcontroller. This enables an attacker with access to the RS-485 path to...

8.6CVSS5.5AI score0.00196EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 10:2 a.m.39 views

CVE-2026-34021 Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sniffing and replay

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485...

8.6CVSS0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.15 views

CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

8.1CVSS5.5AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-40926

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

7.1CVSS5.6AI score0.00166EPSS
Exploits1References1
OSV
OSV
added 2026/06/04 7:27 p.m.10 views

GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure

Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46852

Summary A low-privilege admin user with user recovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.26 views

PT-2026-46884

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.6.10.18 Shopware versions prior to 6.7.10.1 Description A non-admin API user with integration:create ACL privilege can escalate their privileges to full administrator. This is possible by creating an integration wi...

6.5CVSS5.3AI score0.00034EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/29 10:7 p.m.25 views

Admidio PKCS#12 private key export action lacks CSRF protection

Summary The sensitive mode=export action in modules/sso/keys.php exports a PKCS12 bundle containing the configured private key and certificate, but the CSRF validation line is commented out. A forged cross-site POST from an administrator session can therefore trigger private key export without a...

5.8AI score0.00009EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44424

Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1 Description Casdoor maps SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/saml sp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user...

8.1CVSS5.9AI score0.00298EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.16 views

CVE-2026-39967

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS5.7AI score0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 2:58 a.m.9 views

CVE-2026-41656

CVE-2026-41656 (Admidio) : Prior to 5.0.9, the add mode of modules/documents-files.php accepts a name parameter with only string-based HTML encoding validation, allowing path traversal (../) and, combined with absent CSRF protection and SameSite=Lax cookies, enables a low-privilege attacker to tr...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises when the ioam6 function sets trace-type.bit6. This can lead to out-of-bounds access on the RX...

9.1CVSS5.8AI score0.00442EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 8:16 p.m.37 views

CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...

5.4CVSS0.00106EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 7:58 p.m.40 views

CVE-2026-40925 WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

8.3CVSS0.00173EPSS
Exploits1References2
Rows per page
Query Builder