Lucene search
K

32 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-53365

CVE-2026-53365 concerns the Linux kernel patch for vsock/virtio zerocopy completion across multi-skb sends. The fix ensures zerocopy uarg is allocated before the send loop and attached to every skb via skb_zcopy_set(), so each skb carries a reference and completion decrements correctly. This prev...

6AI score0.00155EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 8:53 p.m.33 views

CVE-2026-50007 Actual: Shared users can perform owner-only file management actions

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS0.00246EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:53 p.m.8 views

CVE-2026-50007

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS5.9AI score0.00246EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56243

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...

7.2CVSS6.1AI score0.00246EPSS
Exploits0References10
NVD
NVD
added 2026/02/13 10:16 p.m.7 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

8.8CVSS0.00446EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/13 12:0 a.m.4 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

5.6AI score0.00446EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/13 12:0 a.m.5 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

5.5AI score0.00446EPSS
Exploits1References3
OSV
OSV
added 2026/02/13 12:0 a.m.6 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

8.8CVSS5.6AI score0.00446EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/13 12:0 a.m.26 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

0.00446EPSS
Exploits1References2
CVE
CVE
added 2026/02/13 12:0 a.m.12 views

CVE-2025-70866

CVE-2025-70866 — LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low privileges (User role) can directly access the admin backend via /admin/login because the admin and user authentication guards share the same user provider without role-based access cont...

8.8CVSS5.5AI score0.00446EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-5223

Malware in sbrugna...

10CVSS6.4AI score0.01679EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-1749

Malware in sbrugna...

4.3CVSS6.4AI score0.0068EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28314

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00127EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/10 12:0 a.m.12 views

CVE-2024-45494

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected...

0.00473EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/10 12:0 a.m.9 views

CVE-2024-45494

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected...

9.7AI score0.00473EPSS
Exploits0References2
CVE
CVE
added 2024/12/10 12:0 a.m.57 views

CVE-2024-45494

The CVE affects MSA FieldServer Gateway versions 5.0.0–6.5.2 (fixed in 7.0.0). A shared administrative user on all devices uses an unsafe, static secret for authentication, enabling potential unauthorized admin access. The issue is described with high impact across confidentiality, integrity, and...

9.8CVSS9.7AI score0.00473EPSS
Exploits0References2
OSV
OSV
added 2024/05/07 9:15 p.m.5 views

CVE-2024-23710

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS6AI score0.0009EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.3 views

SUSE CVE-2020-35512

A use-after-free flaw was found in D-Bus Development branch = 1.13.16, dbus-1.12.x stable branch = 1.12.18, and dbus-1.10.x and older branches = 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in...

7CVSS6.9AI score0.00331EPSS
Exploits0References41
Tenable Nessus
Tenable Nessus
added 2022/12/23 12:0 a.m.28 views

Fedora 36 : wordpress (2022-4e099582c7)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-4e099582c7 advisory. WordPress 6.0.3 Security Release Security updates included in this release Stored XSS via wp-mail.php post by email Toshitsugu Yoneyama of Mitsui Bussan Secu...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:15 p.m.5 views

Malicious code in @shared-ui/global-navigation-header (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3146f75b07c94a8fd45a30d06312fef2e4562d93ab98b0e3eb67da5051b5082e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder