21 matches found

ATTACKERKB
added 2026/06/26 8:44 p.m. · 8 views

CVE-2026-54350

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

CVSS 10 · AI score 5.8 · EPSS 0.00538
Exploits 1 · References 2 · Affected Software 1

Github Security Blog
added 2026/06/23 5:43 p.m. · 9 views

Budibase has anonymous NoSQL operator injection via published-app query templates

Summary enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of a query, then JSON.parses the result. The validator validateQueryInputs at packages/server/src/api/controllers/query/index.ts:61-71 rejects only Handlebars...

CVSS 10 · AI score 5.9 · EPSS 0.00538
Exploits 1 · References 2 · Affected Software 1

RedhatCVE
added 2026/06/05 7:40 p.m. · 9 views

CVE-2026-43880

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...

CVSS 5.3 · AI score 5.6 · EPSS 0.00229
Exploits 0 · References 1

Vulnrichment
added 2026/05/11 8:37 p.m. · 10 views

CVE-2026-43880 WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...

CVSS 5.3 · AI score 5.9 · EPSS 0.00229
Exploits 0 · References 2

CVE
added 2026/05/11 8:37 p.m. · 12 views

CVE-2026-43880

CVE-2026-43880 involves WWBN AVideo’s endpoint objects/sendEmail.json.php, where unauthenticated calls can send emails using the site’s SMTP and the site’s From/Reply-To identity. When contactForm is omitted, an attacker-supplied email becomes the recipient, while the message From/Reply-To uses t...

CVSS 5.3 · AI score 5.9 · EPSS 0.00229
Exploits 0 · References 2

Github Security Blog
added 2026/05/05 9:56 p.m. · 9 views

AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Enables Phishing from the Site’s Legitimate From Address

Summary objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated callers, uses the site's own contact email as the message From:/Reply-To:. The...

CVSS 5.3 · AI score 5.9 · EPSS 0.00229
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2026/05/05 12:00 a.m. · 11 views

PT-2026-37296

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An issue exists in the 'objects/sendEmail.json.php' endpoint where the absence of the contactForm parameter allows unauthenticated users to send emails to arbitrary recipients. When this parameter is...

CVSS 5.3 · AI score 5.9 · EPSS 0.00229
Exploits 0 · References 6

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2025-13305

Malicious code in bioql PyPI...

CVSS 10 · AI score 6.4
Exploits 0 · References 3

CNVD
added 2025/05/28 12:00 a.m. · 3 views

Unspecified Vulnerability in Gnu Screen

Gnu Screen is an application from the American GNU community. It provides the effect of getting multiple virtual terminals on one physical terminal. Gnu Screen suffers from a security vulnerability that stems from a pseudo-terminal default mode change, which can be exploited by an attacker to cau...

CVSS 5.1 · AI score 6.8 · EPSS 0.00201
Exploits 0 · References 1

CNNVD
added 2025/05/13 12:00 a.m. · 2 views

GNU Screen security vulnerability

Gnu Screen is an application from the American GNU community. It provides the effect of getting multiple virtual terminals on one physical terminal. Gnu Screen suffers from a security vulnerability that stems from a pseudo-terminal default mode change, which can be exploited by an attacker to cau...

CVSS 5.1 · AI score 6.5 · EPSS 0.00201
Exploits 0 · References 5

RedhatCVE
added 2025/05/04 8:12 p.m. · 16 views

CVE-2025-0782

A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the 'h2o-release' bucket. This issue affects all versions and could enable an attacker to overwrite any file in the bucket. As users download binary files such as JARs from this bucket, this vulnerability...

AI score 7.8
Exploits 0 · References 4

NVD
added 2025/05/02 9:15 p.m. · 21 views

CVE-2025-0782

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0

OSV
added 2025/05/02 9:15 p.m. · 5 views

CVE-2025-0782

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.4
Exploits 0

CVE
added 2025/05/02 8:11 p.m. · 64 views

CVE-2025-0782

CVE-2025-0782 is tied to a vulnerability in the S3 bucket configuration used by h2oai/h2o-3, where public write access to the bucket named “h2o-release” could allow an attacker to overwrite any file and potentially enable remote code execution for users downloading binaries. The primary exploit v...

AI score 9.7
Exploits 0

Vulnrichment
added 2025/05/02 8:11 p.m. · 5 views

CVE-2025-0782

...

AI score 9.6
Exploits 0

Positive Technologies
added 2025/05/02 12:00 a.m. · 6 views

PT-2025-18919 · H2O.Ai · H2O-3

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 affected versions not specified Description: A vulnerability in the S3 bucket configuration allows public write access to the 'h2o-release' bucket. This could enable an attacker to overwrite any file in the bucket, potentially...

CVSS 10 · AI score 9.4
Exploits 0 · References 12

BDU FSTEC
added 2025/04/14 12:00 a.m. · 6 views

The vulnerability of Cisco IOS XR operating systems arises from the lack of control over public write permissions for installed application files. This allows attackers to circumvent existing security restrictions.

The vulnerability of Cisco IOS XR operating systems lies in the lack of control over public write permissions for installed application files. Exploiting this vulnerability can allow a perpetrator to circumvent existing security restrictions...

CVSS 6.8 · AI score 5.4 · EPSS 0.00144
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/09/16 12:00 a.m. · 5 views

The vulnerability of the validation component of the Aurora operating system, related to the lack of control over public rights to write the installed application files, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the validation component of the “Aurora” operating system is related to the lack of control over public rights to write the files that are installed by applications. Exploiting this vulnerability can lead to violations of data confidentiality, integrity, and accessibility...

CVSS 4 · AI score 5.5
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/03/10 12:00 a.m. · 4 views

PT-2024-6136 · Аврора · Аврора

Name of the Vulnerable Software and Affected Versions: Аврора affected versions not specified Description: The issue is related to a component validation vulnerability in the Аврора operating system, which is caused by the lack of control over public write permissions for installed application...

CVSS 3.8 · AI score 6.8
Exploits 0 · References 2

ThreatPost
added 2020/03/12 2:20 p.m. · 17 views

$100K Paid Out for Google Cloud Shell Root Compromise

Google has awarded its inaugural annual top prize for the Google Cloud Platform (GCP), for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...

AI score 0.5
Exploits 0 · References 10