Lucene search
+L

319 matches found

redhat
redhat
added 2026/06/30 3:58 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.1 release

Red Hat OpenShift distributed tracing platform Tempo 3.10.1 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements and bug fixes. Breaking changes: None Deprecations: None Technology Preview features: None Enhancements: None Bug...

5.3CVSS6AI score0.0037EPSS
Exploits0References4
nvd
nvd
added 2026/06/29 6:16 p.m.12 views

CVE-2026-57954

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS0.00168EPSS
Exploits0References2
euvd
euvd
added 2026/06/29 5:21 p.m.7 views

EUVD-2026-40139

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References2
cve
cve
added 2026/06/29 5:21 p.m.16 views

CVE-2026-57954

Vulnerability summary (CVE-2026-57954) Elide 7.1.17 has a flaw in SortingImpl.getValidSortingRules where @ReadPermission is not enforced on client-supplied sort expressions. This allows attackers to sort collections by forbidden fields and infer hidden field values via row ordering analysis, leak...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References2
osv
osv
added 2026/06/29 5:21 p.m.4 views

CVE-2026-57954 Elide 7.1.17 - Permission Bypass in Sort Expression Validation

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS6AI score0.00168EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.10 views

PT-2026-53672

Name of the Vulnerable Software and Affected Versions Elide versions prior to 7.1.18 Description Insufficient enforcement of @ReadPermission within the getValidSortingRules function of SortingImpl allows attackers to use forbidden fields in client-supplied sort expressions. By analyzing the...

5.3CVSS5.9AI score0.00168EPSS
Exploits0References6
fedora
fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03552EPSS
Exploits4
euvd
euvd
added 2026/06/26 10:15 p.m.11 views

EUVD-2026-38057

Statamic CMS's unsafe method invocation via collection sorting allows data destruction...

7.4CVSS5.8AI score0.0027EPSS
Exploits0References3
osv
osv
added 2026/06/26 10:15 p.m.3 views

GHSA-M92M-R54R-X8R2 Statamic CMS's unsafe method invocation via collection sorting allows data destruction

Impact The fix for GHSA-4jjr-vmv7-wh4w was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets. This requires a front-end template that passes...

7.4CVSS5.7AI score0.0027EPSS
Exploits0References4
osv
osv
added 2026/06/23 12:46 p.m.3 views

OPENSUSE-SU-2026:21038-1 Security update for 7zip

This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...

8.8CVSS6.4AI score0.00938EPSS
Exploits8References16
nvd
nvd
added 2026/06/19 6:16 p.m.19 views

CVE-2026-49287

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS0.0027EPSS
Exploits0References2
cve
cve
added 2026/06/19 5:36 p.m.24 views

CVE-2026-49287

Statamic CMS (Laravel/Git) had an incomplete fix for CVE-2026-41175; in-memory collection sorting was not protected. CVE-2026-49287 notes that prior to 5.73.23 and 6.20.0, the patch covered the query builder but not in-memory sorting. This could allow a front-end template that passes request inpu...

7.4CVSS5.6AI score0.0027EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/19 5:36 p.m.25 views

CVE-2026-49287 Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS0.0027EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/19 5:36 p.m.5 views

CVE-2026-49287

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS5.6AI score0.0027EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/19 5:36 p.m.3 views

CVE-2026-49287 Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS5.8AI score0.0027EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51000

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An incomplete fix for a previous issue in this Laravel and Git powered content management system CMS left in-memory collection sorting unprotected, although the...

7.4CVSS5.8AI score0.0027EPSS
Exploits0References11
redhat
redhat
added 2026/06/11 1:41 a.m.8 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References7
redhatcve
redhatcve
added 2026/06/05 7:12 p.m.12 views

CVE-2026-39358

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

7.2CVSS6.1AI score0.00307EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.11 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a security vulnerability tha...

8.1CVSS5.3AI score0.00225EPSS
Exploits0References1
osv
osv
added 2026/05/29 2:28 p.m.8 views

CLSA-2026-1780062671 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: receiver use-after-free in receivexattr via a wire-supplied xattr count passed to qsort: - debian/patches/els/0007-CVE-2026-41035.patch: sort tempxattr.count stored items instead of the untrusted wire count. - CVE-2026-41035...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References1
Rows per page
Query Builder