Lucene search
K

39 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 7:4 p.m.14 views

Security Bulletin: Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Summary Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.7AI score0.00718EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/11 5:18 p.m.9 views

Arbitrary Code Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Config::toArray function. An attacker can access sensitive configuration data, including plugin secrets, by...

7.7CVSS5.8AI score0.00276EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 11:23 p.m.9 views

Incorrect Permission Assignment for Critical Resource

Overview @axonflow/openclaw is a Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance Affected versions of this package are vulnerable to Incorrect...

6.8CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/05 9:29 p.m.10 views

Deserialization of Untrusted Data

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe handling of serialized data and improper input validation in multiple components, including...

9.8CVSS6.3AI score0.01683EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 9:21 p.m.8 views

Arbitrary Code Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection in the directInstall process. An attacker can execute arbitrary code on the server by uploading a specially crafted Z...

9.1CVSS6.3AI score0.03934EPSS
Exploits4References2
NVD
NVD
added 2026/04/28 10:16 p.m.6 views

CVE-2026-7317

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS0.00224EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/28 8:30 p.m.4 views

CVE-2026-7317 Grav CMS Cache Value FileCache.php doGet deserialization

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS4.8AI score0.00224EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/28 8:30 p.m.4 views

CVE-2026-7317

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS4.8AI score0.00224EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/04/28 8:30 p.m.17 views

CVE-2026-7317

Grav CMS (up to 1.7.49.5/2.0.0-beta.1) contains a deserialization vulnerability in FileCache::doGet (Cache Value Handler, file system/src/Grav/Framework/Cache/Adapter/FileCache.php). The issue allows remote exploitation with high complexity and a publicly available exploit. Upgrading to version 2...

5CVSS5AI score0.00224EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/22 5:6 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...

8.1CVSS5.8AI score0.00143EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 5:38 p.m.3 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the plugins privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation Upgrade...

8.4CVSS5.9AI score0.00387EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 5:38 p.m.2 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the plugins privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation Upgrade...

8.4CVSS5.9AI score0.00387EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 12:31 p.m.3 views

GHSA-5W5R-8XC6-2XHW Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

8.7CVSS5.4AI score0.00619EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/04 10:41 a.m.7 views

EUVD-2026-5384

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5CVSS5.3AI score0.00619EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/04 10:41 a.m.4 views

CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

5.3AI score0.00619EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.10 views

PT-2026-3454

Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.0.0-next.193 Description LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, the knowledgeBase.removeFilesFromKnowledgeBase tRPC endpoint allows authenticated users to delete file...

3.7CVSS5.4AI score0.00194EPSS
Exploits0References9
Snyk
Snyk
added 2025/12/04 2:5 p.m.2 views

Remote Code Execution (RCE)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary...

9.9CVSS7.5AI score0.12685EPSS
Exploits4References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:47 p.m.6 views

Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734

Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

8.8CVSS7AI score0.01495EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986129 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: apache-commons-fileupload (UTSA-2025-279266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-279266 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References4
Rows per page
Query Builder