Lucene search
K

12941 matches found

CVE
CVE
added yesterday11 views

CVE-2026-57870

CVE-2026-57870 describes a broken object-level access control flaw in MicroRealEstate’s Template API (up to version 1.0.0-alpha3). The underlying issue allows an attacker to retrieve document templates used by other organizations without authorization. Affected software is MicroRealEstate, with t...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-53641

FOSSBilling versions 0.6.0–0.7.2 contain a stored XSS vulnerability in the client email history views. Email HTML content is rendered into a JavaScript template literal via the |raw filter, bypassing output escaping, allowing an admin to inject JavaScript payloads that execute in a client’s brows...

4.8CVSS5.9AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-41213

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect...

8.7CVSS6.1AI score0.00293EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2 days ago8 views

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...

8.7CVSS5.9AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-50557

A flaw was found in Angular's @angular/compiler and @angular/core packages. Namespaced script elements were not properly identified by the template preparser, and security context schema mappings did not consistently handle attributes within namespaced elements. An attacker who can inject templat...

6.1CVSS5.7AI score0.00206EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56073

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the UpsertWorkspaceApp function overwrites an existing application's agent id during...

8.7CVSS5.9AI score
Exploits0References10
Snyk
Snyk
added 5 days ago3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Symlink Attack

Overview github.com/go-gitea/gitea/modules/util is a Git with a cup of tea, painless self-hosted git service. Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by...

9.1CVSS6AI score0.00172EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade...

9.1CVSS6AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-27783

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS0.00283EPSS
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2026-25718

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

9.1CVSS0.00172EPSS
Exploits0References4
NVD
NVD
added 5 days ago4 views

CVE-2026-22547

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...

9.1CVSS0.00168EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-27783

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-27783 Gitea issue-template APIs bypass repository unit authorization

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS0.00283EPSS
Exploits0References5
CVE
CVE
added 5 days ago33 views

CVE-2026-27783

CVE-2026-27783 affects Gitea versions up to 1.26.1. The vulnerability arises because the issue_templates, issue_config, and issue_config/validate endpoints do not enforce repository-unit authorization, allowing callers with any repository unit (e.g., Issues) to read Code-tree files from the repos...

4.3CVSS7.1AI score0.00283EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-25718

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9AI score0.00172EPSS
Exploits0References5
CVE
CVE
added 5 days ago10 views

CVE-2026-25718

Gitea prior to version 1.25.5 is affected by a symlink-based path resolution issue during template repository generation, allowing template processing to read or write via symlinked/non-regular paths. The vulnerability affects Gitea core components used for template repository generation (e.g., m...

9.1CVSS5.9AI score0.00172EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-25718 Gitea template repository generation mishandles symlinked paths

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

0.00172EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41624

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9AI score0.00172EPSS
Exploits0References4
Rows per page
Query Builder