Lucene search
+L

3055 matches found

NVD
NVD
added 2026/06/17 10:53 a.m.14 views

CVE-2026-46810

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: End User Self Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity...

6.5CVSS0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50487

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains an authorization flaw in its prompt version-history endpoints. While the system authorizes the prompt id provided in the URL, it fails to verify that the requested history...

6.4CVSS5.9AI score0.00169EPSS
Exploits1References10
OSV
OSV
added 2026/06/16 11:55 p.m.11 views

GO-2026-5055 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser

File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser...

7.5CVSS5.3AI score0.0046EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 11:41 p.m.10 views

Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo

Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: 1. The web UI PR-create...

8.5CVSS5.5AI score0.00291EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 10:40 p.m.8 views

GHSA-H3JJ-5F3V-3685 n8n: Public API Execution Retry Authorization Bypass

Impact The Public API endpoint for retrying executions authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a shared workflow could use the Public API to retry executions of that workflow, bypassing the intended permission boundary...

6.4CVSS5.5AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 6:59 p.m.9 views

GHSA-HV7X-3X78-GX53 n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint

Impact The POST /workflows/workflowId/test-runs/new endpoint authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a workflow could trigger a real evaluation test run, causing the workflow to execute via the internal workflow runner. Th...

7.4CVSS5.7AI score0.00161EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/16 7:33 a.m.6 views

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with...

2.7CVSS6.8AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50074

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49982

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue in the Core component of Oracle VM VirtualBox allows a high-privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful...

3.2CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49923

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...

5.3CVSS5.1AI score0.00337EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/15 7:54 a.m.13 views

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with...

2.7CVSS6.8AI score0.00259EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 9:53 p.m.14 views

GHSA-239W-M3H6-CH8V File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope

Summary File Browser enforces per-user scope with afero.NewBasePathFsafero.NewOsFs, scope, set up in users/users.go. This blocks lexical ../ traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

6.8CVSS5.2AI score0.0046EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 7:6 p.m.9 views

GHSA-Q93M-25XV-94HH TYPO3 CMS: Broken Access Control in Media Module

Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS,...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-49067

Name of the Vulnerable Software and Affected Versions File Browser affected versions not specified Description File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...

7.5CVSS5.3AI score0.0046EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.33 views

MongoDB 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities

The version of MongoDB installed on the remote host is 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - When OIDC authentication is enabled in configuration, clients may set specific values in the 'mechanism' parameter of the 'authenticate'...

8.2CVSS6AI score0.00347EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 8:16 p.m.17 views

CVE-2026-46622

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...

8.1CVSS0.00197EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 9:26 p.m.2 views

CVE-2026-45358 ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47930

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 2:16 p.m.11 views

CVE-2026-53439

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

4.3CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35853

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS5.5AI score0.00224EPSS
Exploits0References2
Rows per page
Query Builder