
21928 matches found

Vulnrichment
added 2026/04/21 6:14 p.m. | 3 views

CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>`

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

CVSS 7.1 | AI score 5.8 | EPSS 0.0014
Exploits 0 | References 1
NVD
added 2026/04/21 5:16 p.m. | 9 views

CVE-2026-5652

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

CVSS 9.0 | EPSS 0.0044
Exploits 1 | References 1
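The Horilla and Crafty Controller entries above are the same defect class: an authenticated endpoint fetches an object by the numeric id in the request and never checks that the caller is allowed to see or modify that object. The block below is an added illustration, not code from either project. The `User`/`Document` types, the `is_hr` role, the in-memory `DOCUMENTS` store and the ids in it are constructed for the example; `enumerate_ids` is the check a tester runs with one low-privilege session.

```python
# Added example (not Horilla's or Crafty Controller's code): the IDOR pattern
# behind the two entries above, an authenticated view that fetches an object by
# the numeric id in the request and never checks that the caller may access it.
# Users, documents and ids below are constructed for this illustration.
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


class Forbidden(Exception):
    """Caller is not logged in."""


class NotFound(Exception):
    """No object the caller may access has this id."""


@dataclass(frozen=True)
class User:
    id: int
    is_hr: bool = False  # hypothetical HR role allowed to read every document


@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int
    filename: str


# Constructed sample store: one uploaded document per employee.
DOCUMENTS = {
    1: Document(1, owner_id=10, filename="alice_passport.pdf"),
    2: Document(2, owner_id=11, filename="bob_contract.pdf"),
    3: Document(3, owner_id=12, filename="carol_payslip.pdf"),
}


def view_file_vulnerable(user: Optional[User], doc_id: int) -> Document:
    """The IDOR: authentication only, so any logged-in user can read any id."""
    if user is None:
        raise Forbidden("login required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc


def view_file_fixed(user: Optional[User], doc_id: int) -> Document:
    """Authorization tied to the object: owner or HR only.

    Missing and non-owned ids both raise NotFound, so a tester cannot tell a
    real id from a nonexistent one and map the id space via 403 vs 404."""
    if user is None:
        raise Forbidden("login required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or not (doc.owner_id == user.id or user.is_hr):
        raise NotFound(doc_id)
    return doc


def enumerate_ids(view: Callable[[Optional[User], int], Document],
                  user: Optional[User], ids: Iterable[int]) -> list[str]:
    """What an authenticated tester does against /employee/view-file/<id>:
    walk the id space with one session and record every file that comes back."""
    hits = []
    for doc_id in ids:
        try:
            hits.append(view(user, doc_id).filename)
        except (Forbidden, NotFound):
            continue
    return hits


if __name__ == "__main__":
    bob = User(id=11)  # owns document 2 only
    print("vulnerable:", enumerate_ids(view_file_vulnerable, bob, range(1, 6)))
    print("fixed:     ", enumerate_ids(view_file_fixed, bob, range(1, 6)))
```

In a Django view (Horilla is a Django application) the equivalent of `view_file_fixed` is scoping the lookup to the caller at query time, e.g. `get_object_or_404(Document, pk=doc_id, owner=request.user)` with a hypothetical `Document` model, rather than fetching by primary key and remembering to check ownership afterwards.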
NVD
added 2026/04/21 5:16 p.m. | 25 views

CVE-2026-25542

The Tekton Pipelines project provides Kubernetes-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...

CVSS 6.5 | EPSS 0.00264
Exploits 1 | References 2
CVE
added 2026/04/21 4:33 p.m. | 22 views

CVE-2026-5652

CVE-2026-5652 affects Crafty Controller’s Users API component, enabling an authenticated remote attacker to perform user modification actions due to improper API permissions validation. Reported CVSS 3.1 base score 9.0 (CRITICAL) with network attack vector, low attack complexity, high confidentia...

CVSS 9.0 | AI score 5.8 | EPSS 0.0044
Exploits 1 | References 1 | Affected Software 1
ATTACKERKB
added 2026/04/21 4:33 p.m. | 5 views

CVE-2026-5652

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

CVSS 9.0 | AI score 5.8 | EPSS 0.0044
Exploits 1 | References 2
Snyk
added 2026/04/21 2:48 p.m. | 7 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insufficient sanitization of user inputs to the reference, path, and branch parameters when handling git resources in GitJobExecutor. An attacker can inject commands, exposing credentials, removing files, or...

CVSS 9.9 | AI score 5.9 | EPSS 0.00606
Exploits 0 | References 2
OSV
added 2026/04/21 2:31 p.m. | 7 views

MINI-8274-56H2-P4MP

Bulletin has no description...

CVSS 2.6 | AI score 5.6 | EPSS 0.00112
Exploits 0
OSV
added 2026/04/21 4:35 a.m. | 8 views

AZL-9340 CVE-2022-24801 for package python-twisted is not applicable

This CVE either no longer is or was never applicable...

CVSS 8.1 | AI score 5.7 | EPSS 0.028
Exploits 0 | References 1
UbuntuCve
added 2026/04/21 2:16 a.m. | 8 views

CVE-2026-40244

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height in int32...

CVSS 8.4 | AI score 5.8 | EPSS 0.00427
Exploits 0 | References 1
UbuntuCve
added 2026/04/21 2:16 a.m. | 6 views

CVE-2026-40250

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1040 performs chan->width * chan->bytes_per_element in...

CVSS 8.4 | AI score 5.9 | EPSS 0.0045
Exploits 0 | References 1
Snyk
added 2026/04/21 1:17 a.m. | 7 views

Malicious Package

Overview: ac-sasskit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 2
Positive Technologies
added 2026/04/21 12:00 a.m. | 14 views

PT-2026-34013

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

CVSS 9.0 | AI score 5.8 | EPSS 0.0044
Exploits 1 | References 2
Tenable Nessus
added 2026/04/21 12:00 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010834)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010834 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier. As the comment of pci_get_domain_bus_and_slot says,...

CVSS 5.5 | AI score 5.8 | EPSS 0.0015
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 6 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011236)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011236 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload. This is supposed to be priv but we accidentally...

AI score 5.6 | EPSS 0.00165
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010780)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010780 advisory. In the Linux kernel, the following vulnerability has been resolved: leds: led-core: Fix refcount leak in of_led_get. class_find_device_by_of_node calls class_find_device, it...

AI score 5.6 | EPSS 0.00168
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 4 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010863)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010863 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put to the correct location. of_node_put should have been done directly...

CVSS 5.5 | AI score 5.8 | EPSS 0.00146
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 9 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011224)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011224 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fb_info.dev. Do not assign the Linux device to struct...

CVSS 5.5 | AI score 5.8 | EPSS 0.00146
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010707 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write'. DAMON debugfs interface increases...

CVSS 5.5 | AI score 5.9 | EPSS 0.00222
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 8 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011034)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011034 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak. for_each_pci_dev is implemented by pci_get_device. The comme...

AI score 5.9 | EPSS 0.00204
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006916)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006916 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop. With this refcnt added in...

CVSS 5.5 | AI score 5.7 | EPSS 0.00111
Exploits 0 | References 4