3044 matches found
EUVD-2026-45008
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth URL, they could forge a working URLAUTH token by computing an HMAC-SH...
CVE-2026-61740
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...
CVE-2026-60062
The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...
CVE-2026-54563
Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...
CVE-2026-60062
The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...
EUVD-2026-44682
The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...
EUVD-2026-44528
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...
CVE-2026-48295
Technical details about CVE-2026-48295 are not publicly available in the provided documents. Monitor for updates from official sources; the available information notes insufficiently protected credentials and potential unauthorized read access without user interaction.
CVE-2026-48295
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...
CVE-2026-48332
ColdFusion is affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...
EUVD-2026-44552
ColdFusion is affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...
EUVD-2026-44546
ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed...
EUVD-2026-44543
ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...
CVE-2026-48328 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...
CVE-2026-47998
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control...
CVE-2026-47996
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...
CVE-2026-47984 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interactio...
CVE-2026-47984
Technical details about CVE-2026-47984 are not publicly available in the provided documents; monitor for updates from official advisories.
CVE-2026-47997
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could bypass security features and allow unauthorized read access. The issue is exploitable remotely over the network, does not require user interaction, and exploitation depends on conditions beyond the attacker’s contro...
CVE-2026-47988
Technical details about CVE-2026-47988 are not publicly available in the provided documents. Monitor for updates from vendor advisories and security bulletins.