2076 matches found

Source: CVE | added 2026/04/07 4:22 p.m. | 12 views

CVE-2026-35604

The CVE affects File Browser prior to v2.63.1 where public share links created by a user remain accessible to unauthenticated users after the share and download permissions are revoked. The root cause is that the public share download handler does not re-check the share owner’s current permission...

CVSS 8.2 | AI score 5.9 | EPSS 0.00332
Exploits: 1 | References: 2 | Affected software: 1
Source: OSV | added 2026/04/07 12:28 p.m. | 2 views

EEF-CVE-2026-32144 OCSP designated-responder authorization bypass via missing signature verification

Summary: Improper Certificate Validation vulnerability in the Erlang/OTP public_key pubkey_ocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responde...

CVSS 7.6 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 5
Source: UbuntuCve | added 2026/04/07 12:00 a.m. | 3 views

CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

CVSS 7.5 | AI score 6.1 | EPSS 0.00885
Exploits: 0 | References: 4
Source: CNNVD | added 2026/04/07 12:00 a.m. | 8 views

File Browser security vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 8.2 | AI score 5.8 | EPSS 0.00332
Exploits: 1 | References: 2
Source: OSV | added 2026/04/07 12:00 a.m. | 9 views

UBUNTU-CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

CVSS 7.5 | AI score 6 | EPSS 0.00885
Exploits: 0 | References: 5
Source: Positive Technologies | added 2026/04/07 12:00 a.m. | 5 views

PT-2026-31037

Name of the vulnerable software and affected versions: OpenSSL versions 3.0 through 3.6. Description: A NULL pointer dereference can occur during the processing of a delta CRL containing a Delta CRL Indicator extension if the required CRL Number extension is missing. This can lead to a denial of...

CVSS 7.5 | AI score 6.2 | EPSS 0.00885
Exploits: 0 | References: 146
Source: OSV | added 2026/04/06 1:14 p.m. | 8 views

JLSEC-2026-57

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...

CVSS 9.8 | AI score 6.8 | EPSS 0.0155
Exploits: 2 | References: 12
Source: Tenable Nessus | added 2026/04/04 12:00 a.m. | 4 views

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20444-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20444-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754:...

CVSS 9.6 | AI score 7.1 | EPSS 0.66535
Exploits: 4 | References: 19
Source: Github Security Blog | added 2026/04/03 3:11 a.m. | 10 views

OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation

Summary: Gateway device.token.rotate does not terminate active WebSocket sessions after credential rotation. Current maintainer triage: Status: open. Normalized severity: low. Assessment: v2026.3.28 rotates device tokens without disconnecting already-authenticated WebSocket sessions, which is a...

CVSS 5.4 | AI score 5.9 | EPSS 0.00186
Exploits: 0 | References: 6 | Affected software: 1
Source: Fedora | added 2026/04/03 12:52 a.m. | 6 views

[SECURITY] Fedora 43 Update: openbao-2.5.2-1.fc43

OpenBao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. OpenBao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 9.6 | AI score 6.3 | EPSS 0.00411
Exploits: 0
Source: RedhatCVE | added 2026/04/02 10:55 p.m. | 5 views

CVE-2026-34572

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00502
Exploits: 1 | References: 1
Source: RedhatCVE | added 2026/04/02 10:55 p.m. | 5 views

CVE-2026-34570

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...

CVSS 8.8 | AI score 5.8 | EPSS 0.00502
Exploits: 1 | References: 1
Source: Packet Storm | added 2026/04/02 12:00 a.m. | 137 views

listmonk Session Persistence

listmonk has a flaw where sessions persist as valid after password reset and password change. CVE-2026-34828: listmonk's Session Persistence After Password Reset and Password Change. Intro: I found this issue while reviewing listmonk, an open-source newsletter and mailing list manager, with a simple...

CVSS 7.1 | AI score 5.9 | EPSS 0.003
Exploits: 2
Source: Github Security Blog | added 2026/04/01 11:48 p.m. | 9 views

listmonk's active sessions remain valid after password reset and password change

Summary: A session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie can retain access to the...

CVSS 7.1 | AI score 6 | EPSS 0.003
Exploits: 2 | References: 5 | Affected software: 1
Source: OSV | added 2026/04/01 11:48 p.m. | 5 views

GHSA-H5J9-CVRW-V5QH listmonk's active sessions remain valid after password reset and password change

Summary: A session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie can retain access to the...

CVSS 7.1 | AI score 6 | EPSS 0.003
Exploits: 2 | References: 5
Source: NVD | added 2026/04/01 10:16 p.m. | 4 views

CVE-2026-34572

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...

CVSS 8.8 | EPSS 0.00502
Exploits: 1 | References: 2
Source: NVD | added 2026/04/01 10:16 p.m. | 8 views

CVE-2026-34570

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...

CVSS 8.8 | EPSS 0.00502
Exploits: 1 | References: 2
Source: EUVD | added 2026/04/01 10:09 p.m. | 4 views

EUVD-2026-18089

CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...

CVSS 8.8 | AI score 5.8 | EPSS 0.00502
Exploits: 1 | References: 2
Source: EUVD | added 2026/04/01 10:08 p.m. | 5 views

EUVD-2026-18086

CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...

CVSS 10 | AI score 5.8 | EPSS 0.00502
Exploits: 1 | References: 2
Source: ATTACKERKB | added 2026/04/01 9:35 p.m. | 2 views

CVE-2026-34572

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00502
Exploits: 1 | References: 3 | Affected software: 1