7 matches found

CVE
added 2026/05/27 1:11 p.m., 24 views

CVE-2026-6938

IBM Db2 12.1.0–12.1.4 is vulnerable to an authorization bypass when uploading to a remote object storage path using a special query. The root cause is improper authorization (CWE-285). Affected products/versions: IBM Db2 Server 12.1.0–12.1.4 on Linux/Unix. Impact: authorization bypass potential d...

CVSS 7.5, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/03/20 11:16 p.m., 5 views

CVE-2026-33221

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...

CVSS 5.3, EPSS 0.00173
Exploits: 0, References: 4
CNNVD
added 2026/03/20 12:00 a.m., 9 views

Nhost data forgery vulnerability

Nhost is an open-source backend service platform developed by Nhost. Versions of Nhost prior to 0.12.0 had a data manipulation vulnerability. This vulnerability stemmed from the file upload processing mechanism in the storage service, which trusted the Content-Type header provided by the client...

CVSS 2.1, AI score 6.3, EPSS 0.00173
Exploits: 0, References: 4
NVD
added 2026/01/28 7:16 p.m., 5 views

CVE-2025-66488

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

CVSS 6.1, EPSS 0.00174
Exploits: 0, References: 1
Cvelist
added 2026/01/28 6:15 p.m., 30 views

CVE-2025-66488 Discourse allows script execution in uploaded HTML/XML files on S3

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

CVSS 4.6, EPSS 0.00174
Exploits: 0, References: 1
CNNVD
added 2026/01/28 12:00 a.m., 7 views

Discourse security vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1.0. These...

CVSS 6.1, AI score 5.6, EPSS 0.00174
Exploits: 0, References: 2
Positive Technologies
added 2026/01/28 12:00 a.m., 5 views

PT-2026-5176

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

CVSS 6.1, AI score 5.7, EPSS 0.00174
Exploits: 0, References: 5