Lucene search
K

349 matches found

NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-54164

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:14 p.m.23 views

CVE-2026-54164

Summary: API Platform Core versions prior to 4.1.30, 4.2.26 and 4.3.12 contain a type-confusion in the serializer’s AbstractItemNormalizer when resolving relation IRIs. An attacker able to submit write requests (POST/PUT/PATCH) to an API endpoint with writable relations can supply a relation IRI ...

6.5CVSS5.7AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:14 p.m.33 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:14 p.m.6 views

CVE-2026-54164

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS5.7AI score0.00195EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/01 7:14 p.m.5 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS5.9AI score0.00195EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44736

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS0.00286EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.5 views

SUSE CVE-2026-53261

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.8AI score0.00119EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 5:47 p.m.6 views

CVE-2026-53261

A flaw was found in the devlink component of the Linux kernel. This issue occurs when a devlink instance acquires a nested relation but fails to register, leading to a resource leak. This can result in system instability or a denial of service DoS over time due to resource exhaustion...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.9 views

CVE-2026-53261

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.5CVSS0.00119EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53261

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/25 8:39 a.m.9 views

EUVD-2026-39212

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.7AI score0.00119EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53261

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.5CVSS5.7AI score0.00119EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53261

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.7AI score0.00119EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53261

The CVE-2026-53261 issue affects the Linux kernel devlink path: when a devlink instance obtains a nested relation before registration and probe later fails, devl_unregister() does not run for an unregistered instance, leaking devlink->rel. The fix releases any pending relation from devlink_fre...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53261 devlink: Release nested relation on devlink free

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References7
OSV
OSV
added 2026/06/23 11:17 p.m.3 views

MINI-CRM5-RG22-CP7V

Bulletin has no description...

6.1CVSS5.7AI score0.00178EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/23 8:18 p.m.27 views

CVE-2026-47279 NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:18 p.m.22 views

CVE-2026-47279

NocoDB's CVE-2026-47279 describes an Access Control problem in public shared-view relation endpoints (LTAR columns). Before patch 2026.05.1, endpoints accepted a caller-supplied column ID without verifying the column’s visibility, allowing anyone with a share UUID to read links from hidden LTAR c...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 8:18 p.m.1 views

CVE-2026-47279 NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 7:35 p.m.14 views

EUVD-2026-36542

parse-server: Relation $relatedTo query bypasses protectedFields and owning-object ACL...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References4
Rows per page
Query Builder