Lucene search
K

4501 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-44604

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

8.8CVSS6.2AI score0.00328EPSS
Exploits0References3
Circl
Circl
added 2 days ago4 views

CVE-2026-48319

creationtimestamp| type| source ---|---|--- 2026-07-14 23:14:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqndij2r5s2t 2026-07-14 23:23:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqndztabyk2g...

9.9CVSS6.1AI score0.00932EPSS
Exploits0References2
Circl
Circl
added 2 days ago4 views

CVE-2026-59835

creationtimestamp| type| source ---|---|--- 2026-07-14 16:09:06+00:00| seen| https://bsky.app/profile/thedailytechfeed.com/post/3mqmlql2p442t 2026-07-14 16:40:16+00:00| seen| https://infosec.exchange/users/edwardk/statuses/116919318349382034 2026-07-14 19:00:52+00:00| seen|...

8.6CVSS6.1AI score0.00442EPSS
Exploits0References5
NCSC
NCSC
added 3 days ago6 views

Vulnerabilities are being addressed in the Progress MOVEit Transfer process.

Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...

8CVSS6AI score0.00442EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42997

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00234EPSS
Exploits0References3
OSV
OSV
added 6 days ago2 views

CVE-2026-55515 Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endpoint

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending-find$acceptanceId by global ID without checking access to the related checkoutable asset, allowing a reports user in...

5CVSS6.1AI score0.00256EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.9 views

Progress MOVEit Transfer < 2025.0.8 / 2025.1.0 < 2025.1.4 / 2026.0.0 < 2026.0.1 Multiple Vulnerabilities

The version of Progress MOVEit Transfer installed on the remote host is prior to 2025.0.8, 2025.1.x prior to 2025.1.4, or 2026.0.x prior to 2026.0.1. It is, therefore, affected by multiple vulnerabilities: - Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress...

8CVSS6.1AI score0.00442EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 9:16 p.m.8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 9:6 p.m.33 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 9:6 p.m.15 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00252EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/07/08 8:17 p.m.8 views

CVE-2026-8649

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

9.8CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 7:41 p.m.6 views

EUVD-2026-42370

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS5.9AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 7:41 p.m.34 views

CVE-2026-8649 Institution scope bypass vulnerability in custom reports

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:41 p.m.11 views

CVE-2026-8649

Summary of CVE-2026-8649 : An instance of Improper Neutralization of Special Elements in Data Query Logic affects MOVEit Transfer (Custom Reports modules). The issue impacts MOVEit Transfer versions prior to 2025.0.7 and from 2025.1.0 up to before 2025.1.3. The CVSS vectors indicate a high-severi...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/08 3:16 p.m.12 views

CVE-2026-10698

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS0.00442EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 3:16 p.m.7 views

CVE-2026-10699

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 2:18 p.m.22 views

CVE-2026-10699

CVE-2026-10699 affects Progress MOVEit Transfer (Custom Reports modules) with a memory leak caused by missing release of memory after its effective lifetime. Affects MOVEit Transfer versions: 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1. The issue can lead to d...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/08 2:18 p.m.5 views

EUVD-2026-42279

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 2:16 p.m.33 views

CVE-2026-10698 Table scope bypass vulnerability in custom reports

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS0.00442EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 2:16 p.m.5 views

EUVD-2026-42278

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1
Rows per page
Query Builder