Lucene search
K

264 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.5 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS5.9AI score0.00291EPSS
Exploits0References6
NVD
NVD
added 2026/07/01 7:16 p.m.6 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 9:5 p.m.11 views

EUVD-2026-37951

mcp-pinot: Unauthenticated tool invocation via default oauthenabled=False + host 0.0.0.0 bind...

10CVSS5.8AI score0.00498EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52106

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp versions 0.24.0 through 1.0.9 Description A workspace-boundary bypass exists because the McpContext.validatePath function fails to canonicalize symbolic links when checking if a path falls under configured root paths. This...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50795

Name of the Vulnerable Software and Affected Versions mcp-pinot versions prior to 3.1.0 Description mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. Th...

10CVSS5.9AI score0.00498EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/09 8:33 p.m.11 views

EUVD-2026-35828

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have a vulnerability related to input validation...

8.1CVSS5.3AI score0.0039EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/06/08 12:0 a.m.4 views

The vulnerability of the Go “bug” command in the Go programming language allows a hacker to gain access to read and write arbitrary files.

The vulnerability of the Go “bug” in the Go programming language is related to the incorrect definition of symbolic references before accessing files. Exploiting this vulnerability can allow an attacker to gain access to and read/write arbitrary files...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44561

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.5AI score0.00178EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8108

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

7.8CVSS5.4AI score0.00146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-47083

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description An authenticated user with base-create permission can attach a SQLite source pointing to an arbitrary file on the host, including internal databases. The SQLite client and the base/integration...

5.3CVSS6AI score0.00324EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2026/06/04 3:15 p.m.20 views

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed...

6AI score
Exploits0
NVD
NVD
added 2026/06/02 5:16 p.m.18 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

5.3CVSS0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:13 p.m.11 views

CVE-2026-45691

A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 12:57 p.m.45 views

CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS0.04102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43240

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References2
CheckPoint Security
CheckPoint Security
added 2026/05/24 12:0 a.m.10 views

CVE-2026-48136 - Authenticated Administrator Role-Based Access Control Bypass in Compliance

Symptoms - When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access...

4.1CVSS5.8AI score0.04102EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in qemu. A host privilege escalation issue was identified in the virtio-fs shared file system daemon, where a privileged guest user can create a device-specific special file in the shared directory and use it to gain read/write access to host devices...

8.2CVSS7.2AI score0.00522EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fixed a potential out-of-bounds issue related to read/write operations via C45 clause 45 of the mdiobus interface. When using publicly available tools like ‘mdio-tools’ to read/write data from/to network interfaces v...

7.1CVSS6.3AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 9:3 p.m.15 views

CVE-2024-36343

CVE-2024-36343 describes improper input validation in the System Management Mode (SMM) communications buffer, enabling a privileged attacker to perform an out-of-bounds read or write in a limited portion of the Top of Memory Segment (TSEG) on AMD platforms. The issue can impact confidentiality an...

4.6CVSS5.9AI score0.00186EPSS
Exploits0References2
Rows per page
Query Builder