16 matches found

NVD
added 2026/06/19 8:16 p.m. · 11 views

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

CVSS 7.1 · EPSS 0.00235
Exploits 0 · References 2
ATTACKERKB
added 2026/06/19 7:38 p.m. · 5 views

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

CVSS 7.1 · AI score 5.9 · EPSS 0.00235
Exploits 0 · References 3 · Affected software 1
Cvelist
added 2026/06/19 7:38 p.m. · 20 views

CVE-2026-48089 DevGuard has improper authorization on public assets

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

CVSS 7.1 · EPSS 0.00235
Exploits 0 · References 2
CVE
added 2026/06/19 7:38 p.m. · 23 views

CVE-2026-48089

CVE-2026-48089 affects DevGuard. Before patch 1.4.2, an authenticated user, including from other orgs with no membership, could write and manage VEX rules and related vulnerability-triage endpoints on assets marked public. The root cause is improper authorization for public assets, enabling write...

CVSS 7.1 · AI score 5.9 · EPSS 0.00235
Exploits 0 · References 2
OSV
added 2026/06/12 7:52 p.m. · 20 views

MAL-2026-5714 Malicious code in vite-plugin-logo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b107e832dfd60ded8637d9a6db69c980eae13bde79da4cd01d69c5a1110aca2b On require, index.js walks up to 5 parent directories searching for public/assets/logo.png, scans the file bytes for the marker VITEASSETCACHEv1,...

AI score 5.5
Exploits 0 · References 9
Github Security Blog
added 2026/06/11 8:26 p.m. · 8 views

DevGuard has improper authorization on public assets

Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

CVSS 7.1 · AI score 5.5 · EPSS 0.00235
Exploits 0 · References 3 · Affected software 1
OSV
added 2026/06/11 8:26 p.m. · 4 views

GHSA-6P54-FW2F-Q7GF DevGuard has improper authorization on public assets

Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

CVSS 7.1 · AI score 5.5 · EPSS 0.00235
Exploits 0 · References 3
Positive Technologies
added 2026/06/11 12:00 a.m. · 9 views

PT-2026-48812

Name of the Vulnerable Software and Affected Versions DevGuard versions prior to 1.4.2 Description On API instances with public assets, any authenticated user can perform unauthorized write operations, regardless of their organization, project, or asset membership. This allows attackers to create...

CVSS 7.1 · AI score 5.9 · EPSS 0.00235
Exploits 0 · References 9
EUVD
added 2026/06/05 11:29 a.m. · 12 views

EUVD-2026-34824

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVSS 6.9 · AI score 5.5 · EPSS 0.00414
Exploits 0 · References 1
The Hacker News
added 2026/05/29 10:30 a.m. · 12 views

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a...

AI score 5.9
Exploits 0
NVD
added 2022/07/13 9:15 p.m. · 24 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

CVSS 8.8 · EPSS 0.01578
Exploits 1 · References 6
OSV
added 2022/07/13 9:15 p.m. · 11 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

CVSS 8.8 · AI score 8.2
Exploits 0 · References 6
Prion
added 2022/07/13 9:15 p.m. · 22 views

Unrestricted file upload

DISPUTED An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to uploa...

CVSS 6.5 · AI score 8.1 · EPSS 0.01578
Exploits 1 · References 6 · Affected software 1
Cvelist
added 2022/07/13 12:00 a.m. · 21 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

AI score 8.4 · EPSS 0.01578
Exploits 1 · References 6
Positive Technologies
added 2022/07/13 12:00 a.m. · 9 views

PT-2022-21097 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi version 4.1.12 Description: An unrestricted file upload vulnerability in the Add New Assets function allows attackers to conduct XSS attacks via a crafted PDF file. The project documentation suggests that a user with the Media Library...

CVSS 8.8 · AI score 6.9 · EPSS 0.01578
Exploits 1 · References 17
Kitploit
added 2017/12/01 1:22 p.m. · 28 views

Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs

Find interesting Amazon S3 Buckets by watching certificate transparency logs. This tool simply listens to various certificate transparency logs via certstream and attempts to find public S3 buckets from permutations of the certificate's domain name. Some quick tips if you use S3 buckets: 1. Randomi...

AI score 7.1
Exploits 0 · References 1