Lucene search
K

87 matches found

EUVD
EUVD
added 2026/04/27 2:19 p.m.6 views

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:19 p.m.3 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/27 2:19 p.m.5 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35435

Name of the Vulnerable Software and Affected Versions pip versions prior to 26.1 Description The self-update check functionality runs after installing wheel files, which requires importing well-known Python module names. These imports were deferred to improve the startup time of the pip CLI. This...

5.8CVSS6.7AI score0.00182EPSS
Exploits0References111
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. Versions of pip prior to 26.1 contained security vulnerabilities. These vulnerabilities stemmed from the self-update check feature, which ran after the installation of wheel files, potentially leading to the import of...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 3:32 p.m.5 views

EUVD-2026-24133

Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...

6.3CVSS5.7AI score0.001EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 3:16 p.m.3 views

CVE-2026-31014

Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...

6.3CVSS0.001EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Infoopia Dovestones AD Self Update 安全漏洞

Infoopia Dovestones AD Self Update is a self-service catalog information update tool developed by the Canadian company Infoopia. Versions of Infoopia Dovestones AD Self Update prior to 4.0.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token protection...

6.3CVSS5.8AI score0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.4 views

CVE-2026-31014

Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...

5.7AI score0.001EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 12:0 a.m.29 views

CVE-2026-31014

Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...

0.001EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 12:0 a.m.9 views

CVE-2026-31014

CVE-2026-31014 affects Dovestones Softwares AD Self Update

6.3CVSS5.7AI score0.001EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:0 a.m.3 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...

9.9CVSS5.8AI score0.00284EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33801

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manage users permission check for self-updates, enabling privile...

9.9CVSS5.8AI score0.00284EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.31 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...

0.00284EPSS
Exploits1References2
CVE
CVE
added 2026/04/20 12:0 a.m.10 views

CVE-2026-30269

CVE-2026-30269 affects Doorman (v0.1.0 and v1.0.2). The issue is improper access control where an authenticated user can update their own account role to a non-admin privileged role via /platform/user/{username}. The update model accepts the role field without a manage_users permission check for ...

9.9CVSS5.8AI score0.00284EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/20 12:0 a.m.4 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...

5.8AI score0.00284EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.6 views

EUVD-2026-10476

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...

7.3CVSS5.8AI score0.00084EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.8 views

EUVD-2026-10477

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...

7.3CVSS5.8AI score0.00084EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:28 p.m.3 views

GO-2026-4566 WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level in github.com/h44z/wg-portal

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

8.8CVSS5.8AI score0.00306EPSS
Exploits0References5
CVE
CVE
added 2026/03/10 7:22 a.m.21 views

CVE-2026-2364

CVE-2026-2364 affects the CODESYS Installer (part of the CODESYS Development System). A TOCTOU race condition in the installer allows a low-privileged local attacker, who can trigger a self-update prompt or start an installation, to obtain elevated rights. The CVSS v3.1 base metrics indicate loca...

7.3CVSS5.8AI score0.00084EPSS
Exploits0References1
Rows per page
Query Builder