Lucene search
+L

6942 matches found

ATTACKERKB
ATTACKERKB
added 6 hours ago4 views

CVE-2025-71394

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS5.4AI score
Exploits0References3
Nuclei
Nuclei
added 11 hours ago89 views

AnythingLLM - Information Disclosure

AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...

7.5CVSS7.3AI score0.29187EPSS
Exploits1References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45240

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...

6.5CVSS5.4AI score0.00034EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday28 views

CVE-2026-48010 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...

6.5CVSS0.00034EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday31 views

CVE-2026-15379 Arbitrary File Read as SYSTEM in Symantec ITMS

The Altiris WMI provider exposes a class AltirisAgentStream that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries...

5.1CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45012

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what principals had what access to it. This action should have been restricted ...

4.3CVSS6.1AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-47089

CVE-2026-47089 affects Cyrus IMAPD up to version 3.12.2. The LISTRIGHTS function is not restricted to admins, allowing any authenticated user to call LISTRIGHTS on a mailbox they name and discover which principals have what access. This is a data-exposure/privacy issue tied to insufficient access...

4.3CVSS6.1AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-62355

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader adminuser on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and crea...

5.4CVSS0.00138EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-44623

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescindinvitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages NOORG vs...

8.7CVSS6.1AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 6 days ago17 views

CVE-2026-56241

Capgo (pre-12.128.2) contains a privilege-escalation vulnerability where demoted super_admin users retain access to RPCs delete_non_compliant_bundles and count_non_compliant_bundles due to a stale org_users.user_right value not being cleared when a role binding is deleted. This allows an attacker...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 8:16 p.m.9 views

CVE-2026-55469

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS0.00378EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 7:43 p.m.4 views

CVE-2026-55475 Snipe-IT: Import created_by can be overwritten

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the createdby value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS6.1AI score0.00192EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 7:42 p.m.4 views

CVE-2026-55469 Snipe-IT: Path traversal vulnerability via CSV import `image` field

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS6.2AI score0.00378EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 8:53 p.m.7 views

CVE-2026-55212

Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definition creation endpoint POST /pimcore-studio/api/class/definition/configuration-view/detail/create is guarded by the objects permission instead of the classes permission,...

7.1CVSS6AI score0.00199EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/07/09 3:44 p.m.7 views

EUVD-2026-42614

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 3:44 p.m.32 views

CVE-2026-53987 GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS0.00341EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 11:16 a.m.7 views

CVE-2026-50644

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS0.00277EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:57 a.m.8 views

CVE-2026-50644

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS6.2AI score0.00277EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56993

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The signup flow allows newly registered users to set the primary group id variable...

8.2CVSS6.1AI score0.00267EPSS
Exploits0References18
Snyk
Snyk
added 2026/07/08 3:0 p.m.5 views

Missing Authorization

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Missing Authorization in the sendraw process. An attacker can gain unauthorized control over hardware or cause a system outage by sending arbitrary IPMI commands to the BMC. This is only...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References2
Rows per page
Query Builder