Lucene search
K

516 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-55670

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
NVD
NVD
added last week7 views

CVE-2026-50644

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS0.00277EPSS
Exploits0References2
CVE
CVE
added last week11 views

CVE-2026-50644

CVE-2026-50644 affects SOPlanning. The vulnerability is an SQL injection in the audit retention configuration, exploitable by an attacker with high privileges (parameters_all rights) who can inject SQL through the audit configuration form; execution occurs when the audit functionality is accessed...

8.6CVSS6.2AI score0.00277EPSS
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-42576

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS6.2AI score0.00277EPSS
Exploits0References2
Cvelist
Cvelist
added last week37 views

CVE-2026-50644 SQL Injection in SOPlanning Audit Retention Configuration

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS0.00277EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-50644

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS6.2AI score0.00277EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-14471

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...

8.6CVSS0.00325EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:33 p.m.4 views

CVE-2026-14471

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:33 p.m.36 views

CVE-2026-14471 Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...

8.6CVSS0.00325EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:33 p.m.5 views

CVE-2026-14471 Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 8:33 p.m.52 views

CVE-2026-14471

The CVE affects Amazon mcp-gateway-registry’s metrics-service retention policy management component (pre-1.0.13). An authenticated remote user can exploit an SQL injection via a crafted table_name value interpolated into SQL statements in the identifier position, potentially impacting confidentia...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 3:17 p.m.11 views

CVE-2026-56842

A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed...

7.5CVSS0.0019EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: Do not delete the error page from the page cache. This change is very similar to the change made for shmem 1. It addresses the same issue, but for the HugeTLBFS mechanism instead. Currently, when a poisoned HugeTLB pag...

5.5CVSS5.9AI score0.00165EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.8 views

protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 8:0 p.m.16 views

GHSA-X4VX-RJVF-J5P4 DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

Summary When DOMPurify.sanitizeroot, INPLACE: true is called on an attacker-supplied live DOM node, DOMPurify still trusts currentNode.nodeName for non-form nodes in the main sanitizeElements pipeline. A real child node whose observable nodeName is attacker-controlled can therefore be misclassifi...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49585

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.4.2 Description protobufjs preserves unknown wire elements in message.$unknowns during binary decode but lacks a decode-time option to discard these fields before retention. A crafted protobuf payload...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 9:57 p.m.34 views

CVE-2026-53867 Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS0.00183EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:57 p.m.22 views

CVE-2026-53867

Capgo before 12.128.2 does not delete previously uploaded profile images, leaving orphaned files accessible via previously generated URLs, enabling unauthorized retrieval of user-uploaded content. This affects Capgo's backend storage handling when users replace or remove images. The CVE notes MED...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References2
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/06/12 12:0 a.m.10 views

Governing Claude Enterprise in Environments Where Inline Controls Can't Go

TrendAI™ integrates the Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation and compliance...

5.3AI score
Exploits0
OSV
OSV
added 2026/06/08 11:1 p.m.13 views

GHSA-X4GW-5CX5-PGMH Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates ctx.alloc.bufferhandshakeLength line 161. The guard at line 140 is handshakeLength maxClientHelloLength && maxClientHelloLength != 0, and the...

7.5CVSS5.7AI score0.00461EPSS
Exploits0References5
Rows per page
Query Builder