Lucene search
K

14234 matches found

GithubExploit
GithubExploit
added 2026/06/15 4:12 p.m.68 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering_Toolkits

No d...

9.3CVSS5.2AI score0.00159EPSS
Exploits1
NVD
NVD
added 2026/06/15 12:16 p.m.13 views

CVE-2026-34025

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS0.00283EPSS
Exploits1References2
Veracode
Veracode
added 2026/06/15 12:0 p.m.8 views

Improper Access Control

Keycloak is vulnerable to Improper Access Control. The vulnerability is due to insufficient audience restriction enforcement in the OpenID Connect token introspection endpoint, which allows an authenticated confidential client to access sensitive token claims intended for other resource servers...

6.5CVSS5.2AI score0.00366EPSS
Exploits0References9Affected Software1
GithubExploit
GithubExploit
added 2026/06/15 11:11 a.m.85 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Treck Tcp\/Ip

No d...

9.1CVSS8.6AI score0.18728EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/06/15 10:4 a.m.11 views

CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS5.4AI score0.00305EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/15 10:3 a.m.34 views

CVE-2026-34025 IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized network locations

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS0.00283EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/15 10:3 a.m.9 views

CVE-2026-34025 IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized network locations

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS5.3AI score0.00283EPSS
Exploits1References2
CVE
CVE
added 2026/06/15 10:3 a.m.18 views

CVE-2026-34025

CVE-2026-34025 affects Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The login flow derives the client IP from the HTTP X-Forwarded-For header when present, bypassing IP-based access restrictions tied to a branch location. An attacker with valid branch credentials can manipu...

5.3CVSS5.4AI score0.00283EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.13 views

CVE-2026-45831

A flaw was found in the SimpleRBACAuthorizationProvider authorization provider in the ChromaDB Python project. This vulnerability allows an authenticated user to perform actions across different tenants, databases, or collections without proper authorization. The provider incorrectly evaluates us...

8.8CVSS5.2AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.9 views

CVE-2026-45832

A flaw was found in ChromaDB. All V1 collection-level endpoints in the Python project pass null values for tenant and database to the authorization layer. This allows a remote attacker to bypass authorization controls by utilizing these V1 endpoints. The primary consequence is unauthorized access...

8.8CVSS5.3AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49196

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS5.3AI score0.00283EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.25 views

PT-2026-49149

Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.21 Description A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...

7.5CVSS5.4AI score0.00525EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/12 7:32 p.m.16 views

EUVD-2026-35393

TYPO3 CMS has Broken Access Control in its Form Framework...

7.6CVSS5.2AI score0.00253EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 7:32 p.m.14 views

GHSA-HWVQ-2W67-RVXP TYPO3 CMS has Broken Access Control in its Form Framework

Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...

7.6CVSS6.1AI score0.00253EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 5:12 p.m.11 views

EUVD-2026-36511

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

6CVSS5.3AI score0.00226EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

FreeBSD : FreeBSD -- sigqueue(2) missing capability mode restriction (94f20492-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 94f20492-6473-11f1-958d-bc241121aa0a advisory. sigqueue2 was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 5:15 p.m.30 views

CVE-2026-20254 Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that...

5.7CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:15 p.m.21 views

CVE-2026-20254

The affected products are Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132. A low-privileged user (not admin/power) can craft a malicious classic dashboard that exfiltrates sens...

5.7CVSS5.5AI score0.00247EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/10 5:15 p.m.9 views

CVE-2026-20254 Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that...

5.7CVSS5.2AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.13 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References1
Rows per page
Query Builder