Lucene search
K

615 matches found

CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

dataspace-portal 安全漏洞

Dataspace-portal is an open-source data space management portal developed by Sovity. Versions of Dataspace-portal from 2.1.1 to 7.3.2 had security vulnerabilities, which were caused by insufficient authorization for self-registered “PENDING” organization/user accounts...

10CVSS5.8AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-39190

Name of the Vulnerable Software and Affected Versions Data Space Portal versions 2.1.1 through 7.3.1 Description Data Space Portal is an open-source Software as a Service SaaS solution for Dataspace management. The backend contains insufficient authorization regarding self-registered organization...

10CVSS5.8AI score0.00249EPSS
Exploits0References6
OSV
OSV
added 2026/05/06 11:49 p.m.8 views

GHSA-QXRW-F6FH-34R7 Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users

Summary The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...

6.9CVSS5.8AI score
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/06 11:28 a.m.10 views

CVE-2026-43219

In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Fix potential unregister of netdev that has not been registered yet If an error occurs during registernetdev for the first MAC in cpswregisterports, even though cpsw-slaves0.ndev is set to NULL, cpsw-slaves1.ndev...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
Snyk
Snyk
added 2026/05/05 9:17 p.m.5 views

Improper Authentication

Overview github.com/pocketbase/pocketbase/forms is a realtime backend in 1 file Affected versions of this package are vulnerable to Improper Authentication in the OAuth2 autolinking process. An attacker can gain unauthorized access to a victim's account by pre-registering an unverified user with...

7.6CVSS5.8AI score0.00247EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/05 9:17 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OAuth2 autolinking process. An attacker can gain unauthorized access to a victim's account by pre-registering an unverified user with the victim's email address using one OAuth2 provider, and then waiting...

7.6CVSS5.8AI score0.00247EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/29 3:34 p.m.36 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS0.00177EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2026/04/29 12:0 a.m.13 views

Text::CSV_XS -- CWE-825 Expired Pointer Dereference

H.Merijn Brand - Tux reports: Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example...

8.4CVSS5.9AI score0.00158EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/28 12:0 a.m.8 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the parsemessage function when the NegoEx mechanism is registered in /etc/gss/mech. An attacker can cause process termination by sending specially crafted requests with a short headerlen that...

8.7CVSS5.8AI score0.00501EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/24 2:42 p.m.8 views

EUVD-2026-25469

In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrfprobe In hackrf driver, the following race condition occurs: CPU0 CPU1 hackrfprobe kzalloc; // alloc hackrfdev .... v4l2deviceregister; .... fd =...

5.5AI score0.00128EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013815)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013815 advisory. In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has...

5.5AI score0.00214EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.13 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010905)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010905 advisory. In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has...

5.8AI score0.00214EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010800 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the...

5.8AI score0.00171EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007576)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007576 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: defer registered files gc to iouring release Instead of putting iouring's...

7.8CVSS6AI score0.00153EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/14 10:22 p.m.12 views

Decidim amendments can be accepted or rejected by anyone

Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2026/04/14 12:0 a.m.7 views

Decidim amendments can be accepted or rejected by anyone

Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.8 views

CVE-2026-33005

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...

4.3CVSS5.8AI score0.00418EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

Apache OpenMeetings 安全漏洞

Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system developed by the Apache Foundation in the United States. This product supports audio and video capabilities, and allows users to view the desktops of each participant. Prior to Apache OpenMeetings 9.0....

4.3CVSS5.8AI score0.00418EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/08 9:10 p.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the requestEmailChange mutation. An attacker can determine whether specific email addresses are registered by analyzing the differences in error messages returned by the system. Remediation A fix was pushed into...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 8:9 p.m.9 views

CVE-2026-39397

The CVE affects the @delmaredigital/payload-puck PayloadCMS plugin (prior to 0.6.23). The /api/puck/* CRUD endpoints registered by createPuckPlugin() bypassed collection-level access controls due to overrideAccess: true, allowing unauthenticated access to Puck-registered collections. Fixed in 0.6...

9.8CVSS5.9AI score0.00376EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder