Lucene search
K

4424 matches found

OSV
OSV
added 6 days ago4 views

CVE-2026-50529 DataEase: Link Token Leakage Prior to Share Password/Ticket Validation

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS6AI score0.00285EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-50529

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS6AI score0.00285EPSS
Exploits0References4Affected Software1
CVE
CVE
added 6 days ago15 views

CVE-2026-50529

CVE-2026-50529 affects DataEase prior to version 2.10.24. The /de2api/share/proxyInfo interface incorrectly generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket, enabling unauthenticated attackers who know a protected share UUID to obtain a valid link token for ...

8.7CVSS6AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-57172 DataEase: Hardcoded JWT Signing Secret in ShareLink

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-59709

Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...

5.3CVSS0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56244

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The /de2api/share/proxyInfo share interface generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket. This allows unauthenticated attackers who possess a protected...

8.7CVSS6.1AI score0.00285EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56245

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56254

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The ShareSecretManage component uses a hardcoded default share link signature key. An attacker who obtains a passwordless share for a resource and user can use the known key link-pwd-fit2cloud to...

8.3CVSS6AI score0.00289EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:10 p.m.14 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:10 p.m.7 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 7:9 p.m.4 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.13 views

GHSA-R56H-J38W-HRQQ vulnerabilities

Vulnerabilities for packages: argo-cd-fips, longhorn-manager-fips, cluster-autoscaler-fips, azurefile-csi, harvester-fips, eks-distro, rke2-runtime-fips, azuredisk-csi, longhorn-share-manager-fips, azurefile-csi-fips, rancher-system-agent, harvester, kubernetes-csi-driver-hostpath,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.10 views

CVE-2024-7598 vulnerabilities

Vulnerabilities for packages: argo-cd-fips, longhorn-manager-fips, cluster-autoscaler-fips, azurefile-csi, harvester-fips, eks-distro, rke2-runtime-fips, azuredisk-csi, longhorn-share-manager-fips, azurefile-csi-fips, rancher-system-agent, harvester, kubernetes-csi-driver-hostpath,...

3.1CVSS6.2AI score0.00301EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-55309

Name of the Vulnerable Software and Affected Versions react-native-receive-sharing-intent affected versions not specified Description A path traversal issue exists where a co-resident malicious application can write files outside the intended cache directory. This occurs when a crafted display na...

7.7CVSS6.1AI score0.00138EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 9:59 p.m.3 views

GHSA-J48M-H7XQ-2XPJ goshs: Share-link ?token=… redemption races past download limit

Share-link ?token=… redemption races past download limit Ecosystem: Go Package: goshs.de/goshs/v2 github.com/patrickhener/goshs Affected: 0 || entry.DownloadLimit == -1 // ...serve file... // = current.DownloadLimit deletefs.SharedLinks, token fs.sharedLinksMu.Unlock Between line 978 RUnlock and...

5.9CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55218

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description A race condition exists in the ShareHandler when processing share-link redemptions. The system reads the DownloadLimit of a share token using a read lock, releases it to serve the file, and only then...

5.9CVSS6AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-7531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a...

9.8CVSS6AI score0.00346EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-56781

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 5:15 p.m.34 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
Rows per page
Query Builder