Lucene search
+L

151 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 3:56 p.m.7 views

CVE-2026-44918

A flaw was found in OpenStack Ironic. An authenticated project manager can change the node associated with Volume Connectors or Volume Target objects, potentially changing the project permitted to access the object. Volume Connectors contain secrets in environments configuring boot from volume wi...

8.7CVSS5.9AI score0.00426EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 12:16 a.m.11 views

CVE-2026-55429

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS0.00508EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.37 views

CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS0.00508EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-56073

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the UpsertWorkspaceApp function overwrites an existing application's agent id during...

8.7CVSS5.9AI score0.00508EPSS
Exploits0References15
NVD
NVD
added 2026/07/02 12:16 a.m.9 views

CVE-2026-50279

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS0.00245EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.12 views

EUVD-2026-40430

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...

7.6CVSS5.8AI score0.00257EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 3:56 p.m.42 views

CVE-2026-58176 RuoYi-Vue-Plus - Missing Authorization on Workflow Task Management Endpoints

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS0.00264EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 3:56 p.m.16 views

CVE-2026-58176

CVE-2026-58176 affects RuoYi-Vue-Plus up to version 5.6.2. The FlwTaskController’s /workflow/task endpoints lacked any class- or method-level authorization, leaving task management actions (updateAssignee, urging tasks, and listing with pageByAllTaskWait/pageByAllTaskFinish) gated only by global ...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:14 a.m.6 views

SUSE CVE-2026-52993

In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 5:16 p.m.10 views

CVE-2026-44957

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

4.3CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 p.m.19 views

CVE-2026-42947

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:13 p.m.12 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:13 p.m.10 views

EUVD-2026-36531

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:13 p.m.31 views

CVE-2026-42947

CVE-2026-42947 affects Naxclow IoT Platform. A flaw in the onboarding workflow lets an attacker replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account, because endpoints validate request signatures but do not verify legitimate ownership. Practical consequence: a...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 5:16 p.m.26 views

CVE-2026-20259

CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...

5.5CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

Splunk Enterprise 权限许可和访问控制问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

9.6CVSS5.5AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS0.00195EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS0.00268EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/08 3:30 p.m.45 views

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

7.6CVSS0.00274EPSS
Exploits1References2
Rows per page
Query Builder