Lucene search
+L

1318 matches found

OSV
OSV
added 6 days ago6 views

CVE-2026-62327 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit th...

9.3CVSS6.1AI score0.01905EPSS
Exploits0References5
NVD
NVD
added 2026/07/10 3:16 p.m.7 views

CVE-2026-56309

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.4CVSS0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/10 1:58 p.m.31 views

CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS0.00225EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/10 1:58 p.m.11 views

EUVD-2026-42893

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS6.1AI score0.00225EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 1:58 p.m.4 views

CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS6.1AI score0.00225EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 4:16 p.m.5 views

CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS0.00137EPSS
Exploits0References3
OSV
OSV
added 2026/07/09 4:16 p.m.3 views

ALPINE-CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS6.1AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 2:48 p.m.33 views

CVE-2026-23556

CVE-2026-23556 affects Xen oxenstored: when tearing down a domain, node data is cleaned but quota usage counts are leaked. On domain ID reuse, a new domain can create fewer nodes before being over quota. Impact is locally exploitable high-severity (CVSS 4.0 base 9.4, HIGH confidentiality, integri...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/09 2:48 p.m.5 views

EUVD-2026-42600

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 2:48 p.m.6 views

CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 9:17 p.m.10 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS0.00266EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:35 p.m.6 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/07 8:35 p.m.34 views

CVE-2026-55635 DataEase: Authenticated SQL Injection in Chart Quota Filters

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS0.00266EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 8:35 p.m.8 views

CVE-2026-55635 DataEase: Authenticated SQL Injection in Chart Quota Filters

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 8:35 p.m.17 views

CVE-2026-55635

DataEase contains an authenticated SQL injection in chart quota filters prior to version 2.10.24. The vulnerability arises when quota and Y-axis filters embed attacker-controlled values directly into generated SQL within Quota2SQLObj.getYWheres(), without applying the SQL literal validation and e...

8.7CVSS6AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56252

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated user capable of creating or modifying chart definitions, or submitting chart data requests containing quota filters, can inject SQL into queries executed against configured...

8.7CVSS6.1AI score0.00266EPSS
Exploits0References8
PyPA
PyPA
added 2026/07/06 8:3 a.m.5 views

OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8CVSS6AI score0.02376EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-812 OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8CVSS6AI score0.02376EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:16 a.m.3 views

quota: Fix race of dquot_scan_active() with quota deactivation

...

7.8CVSS6.1AI score0.00129EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.7 views

SUSE CVE-2026-53050

In the Linux kernel, the following vulnerability has been resolved: quota: Fix race of dquotscanactive with quota deactivation dquotscanactive can race with quota deactivation in quotareleaseworkfn like: CPU0 quotareleaseworkfn CPU1 dquotscanactive ==============================...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Rows per page
Query Builder