Lucene search
K

311 matches found

EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42881

Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...

8.7CVSS6.2AI score0.00313EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56076

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.7 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The CreateSubAgent RPC does not validate the requested app sharing level against the template's...

5.4CVSS6AI score0.00315EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/03 12:31 a.m.9 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.8 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:49 p.m.16 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55446

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.3 Description A path confinement bypass exists in the public web-client endpoint used for partial ZIP downloads of browsable shares. The system failed to correctly restrict client-supplied file entries to the...

5.9CVSS5.9AI score0.00057EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.10 views

EUVD-2026-39564

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.31 views

CVE-2026-56245 Supabase Capgo - Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC

Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER recordbuildtime RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/recordbuildtime with a public AP...

8.8CVSS0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:15 p.m.11 views

CVE-2026-46698 Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS5.4AI score0.00229EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/11 5:59 a.m.78 views

Exploit for Code Injection in Phpunit_Project Phpunit

CVE-2017-9841 — PHPUnit Remote Code Execution RCE PoC ⚠...

9.8CVSS6.9AI score0.99999EPSS
Exploits19
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48476

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

8.5CVSS5.4AI score0.00039EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6343

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5CVSS5.4AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.5AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40595

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...

7.5CVSS5.3AI score0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:23 a.m.11 views

CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5CVSS5.8AI score0.00098EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 5:23 a.m.12 views

EUVD-2026-34208

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5CVSS5.8AI score0.00098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 5:23 a.m.9 views

CVE-2026-49189 Broadcast Receiver Privilege Escalation

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5CVSS5.8AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from public access rights that are not checked by the core Broadcast Receiver. This vulnerability may allow unauthorized local software component...

8.5CVSS5.4AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 8:56 p.m.69 views

CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS0.0586EPSS
Exploits3References2
Rows per page
Query Builder