Lucene search
+L

3045 matches found

cve
cve
added 4 hours ago7 views

CVE-2026-46515

CVE-2026-46515 (Frogman) affects Frogman’s headless PBX control via MCP and HTTP API. Before version 1.6.3, a PERM_READ privilege was sufficient to call multiple endpoints (fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query...

9.3CVSS6.2AI score
Exploits0References6
euvd
euvd
added 22 hours ago3 views

EUVD-2026-45008

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth URL, they could forge a working URLAUTH token by computing an HMAC-SH...

4CVSS6.1AI score
Exploits0References2
nvd
nvd
added yesterday6 views

CVE-2026-61740

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...

9.3CVSS
Exploits0References4
nvd
nvd
added yesterday6 views

CVE-2026-60062

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS
Exploits0References1
nvd
nvd
added yesterday6 views

CVE-2026-54563

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS
Exploits0References1
cve
cve
added yesterday8 views

CVE-2026-60062

The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...

6.4CVSS5.8AI score
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44682

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS5.8AI score
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44528

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score0.00389EPSS
Exploits0References2
cve
cve
added 2 days ago12 views

CVE-2026-48295

Technical details about CVE-2026-48295 are not publicly available in the provided documents. Monitor for updates from official sources; the available information notes insufficiently protected credentials and potential unauthorized read access without user interaction.

7.5CVSS6.1AI score0.00389EPSS
Exploits0References1Affected Software3
attackerkb
attackerkb
added 2 days ago3 views

CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score0.00389EPSS
Exploits0References2
nvd
nvd
added 2 days ago6 views

CVE-2026-48332

ColdFusion is affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS0.12002EPSS
Exploits0References1
euvd
euvd
added 2 days ago3 views

EUVD-2026-44552

ColdFusion is affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS6.1AI score0.12002EPSS
Exploits0References1
euvd
euvd
added 2 days ago4 views

EUVD-2026-44546

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed...

9.3CVSS6.1AI score0.00239EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago35 views

CVE-2026-48328 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS0.00622EPSS
Exploits0References1
euvd
euvd
added 2 days ago3 views

EUVD-2026-44543

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS6.1AI score0.00622EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-47998

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control...

5.9CVSS0.00612EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-47996

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.6CVSS0.18502EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago36 views

CVE-2026-47984 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interactio...

8.2CVSS0.0053EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-47984

Technical details about CVE-2026-47984 are not publicly available in the provided documents; monitor for updates from official advisories.

9.1CVSS6.1AI score0.0053EPSS
Exploits0References1Affected Software1
cve
cve
added 2 days ago5 views

CVE-2026-47997

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could bypass security features and allow unauthorized read access. The issue is exploitable remotely over the network, does not require user interaction, and exploitation depends on conditions beyond the attacker’s contro...

5.9CVSS6.1AI score0.00612EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder