2082 matches found

CVE
added 2026/05/29 7:47 p.m. | 20 views

CVE-2026-48811

FreeScout (Laravel) contains a vulnerability where a non-admin can permanently delete an internal note (private thread) in any conversation, even after mailbox access is revoked. The root cause is the ThreadPolicy::delete authorization not verifying mailbox membership, allowing former members to ...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00155
Exploits: 0 | References: 1

NVD
added 2026/05/29 7:16 p.m. | 12 views

CVE-2026-44648

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

CVSS: 7.5 | EPSS: 0.00394
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/29 5:46 p.m. | 7 views

CVE-2026-44648

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00394
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/05/29 4:3 p.m. | 12 views

RLSA-2026:19054 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation (CVE-2026-24734). For more details about the security issues, including the impact, a CVSS...

CVSS: 7.4 | AI score: 6.6 | EPSS: 0.00498
Exploits: 0 | References: 2

Rockylinux
added 2026/05/29 4:3 p.m. | 15 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00498
Exploits: 0

Snyk
added 2026/05/29 1:18 p.m. | 7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the campaign import. An attacker can write arbitrary files to sensitive directories by uploading specially crafted ZIP archives containing malicious file paths. This can lead to overwriting internal configuration...

CVSS: 9.9 | AI score: 6.3 | EPSS: 0.00583
Exploits: 0 | References: 2

Fedora
added 2026/05/29 1:27 a.m. | 15 views

[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

AI score: 5.8 | EPSS: 0.00083
Exploits: 0

Fedora
added 2026/05/29 1:13 a.m. | 12 views

[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

AI score: 5.8 | EPSS: 0.00083
Exploits: 0

Tenable Nessus
added 2026/05/29 12:0 a.m. | 16 views

Linux Distros Unpatched Vulnerability : CVE-2026-42791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificat...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00316
Exploits: 0 | References: 3

CNNVD
added 2026/05/29 12:0 a.m. | 9 views

SillyTavern security vulnerability

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00394
Exploits: 1 | References: 1

Tenable Nessus
added 2026/05/29 12:0 a.m. | 15 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42508)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42508 advisory. - Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocatio...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00469
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/28 8:13 p.m. | 17 views

CVE-2026-46424

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

CVSS: 4.2 | AI score: 5.7 | EPSS: 0.00163
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/05/28 5:37 p.m. | 18 views

OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL

Impact OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying credential revoked or renewed by a user in another tenant via the legacy, undocumented sys/revoke and sys/renew endpoints. Patch This will be address...

AI score: 5.8 | EPSS: 0.00046
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/05/28 5:37 p.m. | 8 views

GHSA-V8V8-CM84-M686 OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL

Impact OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying credential revoked or renewed by a user in another tenant via the legacy, undocumented sys/revoke and sys/renew endpoints. Patch This will be address...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00046
Exploits: 0 | References: 5

NVD
added 2026/05/28 5:16 p.m. | 14 views

CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

CVSS: 9.8 | EPSS: 0.00405
Exploits: 0 | References: 1

Cvelist
added 2026/05/28 4:29 p.m. | 32 views

CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

EPSS: 0.00405
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/28 4:29 p.m. | 10 views

CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

AI score: 5.7 | EPSS: 0.00405
Exploits: 0 | References: 1

EUVD
added 2026/05/28 4:29 p.m. | 11 views

EUVD-2026-32951

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

AI score: 5.7 | EPSS: 0.00405
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/28 4:29 p.m. | 8 views

CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

AI score: 5.7 | EPSS: 0.00405
Exploits: 0 | References: 2

CVE
added 2026/05/28 4:29 p.m. | 28 views

CVE-2026-9097

CVE-2026-9097 affects Casdoor

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00405
Exploits: 0 | References: 1