Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-56030

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description An unauthenticated mass assignment issue exists in the client self-registration endpoint. This allows a visitor to assign themselves to an arbitrary client group during the sign-up process. Since...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References7
NVD
NVD
added 2026/05/18 3:16 p.m.11 views

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.4CVSS0.00509EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/18 1:52 p.m.52 views

EUVD-2026-30774

Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

8.2CVSS5.7AI score0.00435EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.4 views

CVE-2026-34528

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...

9.8CVSS6.1AI score0.00654EPSS
Exploits1References1
CVE
CVE
added 2026/04/01 8:39 p.m.16 views

CVE-2026-34528

CVE-2026-34528 — File Browser : Multiple sources confirm that prior to version 2.62.2, the signupHandler copies all default permissions and only strips Admin, leaving Execute and Commands intact. If signup is enabled and Execute=true with default commands, an unauthenticated self-registered user ...

9.8CVSS6.1AI score0.00654EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32760

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...

10CVSS5.8AI score0.00677EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:39 p.m.5 views

CVE-2026-32760

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...

10CVSS5.8AI score0.00677EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.6 views

PT-2025-34270 · Unknown · Aikaan Iot Management Platform

Name of the Vulnerable Software and Affected Versions: Aikaan IoT management platform version 3.25.0325-5-g2e9c59796 Description: The Aikaan IoT management platform allows unauthenticated users to register accounts via APIs, even when user sign-up is disabled through the user interface. This...

9.8CVSS7.2AI score0.00538EPSS
Exploits0References6
Rows per page
Query Builder