Lucene search
K

431 matches found

NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35371

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...

3.3CVSS0.00123EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.7AI score0.00125EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34507

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The id utility exhibits incorrect behavior in its pretty print output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the...

3.3CVSS6AI score0.00123EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-35371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The id utility in uutils coreutils exhibits incorrect behavior in its pretty print output when the real UID and effective UID differ. The implementation...

3.3CVSS5.5AI score0.00123EPSS
Exploits1References3
Circl
Circl
added 2026/04/17 9:22 p.m.2 views

GHSA-89MQ-229G-X47P

creationtimestamp| type| source ---|---|--- 2026-04-17 21:22:46+00:00| seen| Telegram/o-uTgZiWLI4DGr-3Qx2v6r5S9u58WJIjtqdTFR62kB0PIWs...

4.8AI score
Exploits0
Cvelist
Cvelist
added 2026/04/10 6:15 p.m.21 views

CVE-2026-33702 Chamilo LMS has an Insecure Direct Object Reference (IDOR)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 6:15 p.m.16 views

CVE-2026-33702

Chamilo LMS before 1.11.38 and 2.0.0-RC.3 contains an IDOR in lp_ajax_save_item.php where a uid is read from $_REQUEST and used to load/modify another user’s Learning Path progress (score, status, completion, time) without verifying the requester’s identity. Any authenticated course-enrolled user...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/09 10:15 p.m.13 views

CVE-2026-5985

CVE-2026-5985 affects code-projects Simple IT Discussion Forum 1.0. The vulnerable component is the /crud.php file, where manipulation of the user_Id argument leads to SQL injection. The issue is exploitable remotely and exploit code is publicly available (proof-of-concept). Documents do not spec...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 10:15 p.m.25 views

CVE-2026-5985 code-projects Simple IT Discussion Forum crud.php sql injection

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

7.5CVSS0.00254EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 8:27 a.m.7 views

SUSE-RU-2026:1228-1 Recommended update for shadow

This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGINENVSAFELIST. Recognize it and update dependencies. - Set SYSUID,GIDMIN to 201: After repeated similar requests to change the ID...

5.5CVSS6.8AI score0.00308EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

Code-Projects Simple Laundry System 代码注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a code...

5.3CVSS5.7AI score0.00357EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

Code-Projects Simple IT Discussion Forum SQL注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability stems from operations on the parameter userid in the /crud.php file, which may le...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/08 7:24 p.m.4 views

CVE-2026-35478 InvenTree has Arbitrary API Token Creation

InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST...

8.3CVSS6AI score0.00303EPSS
Exploits0References1
Circl
Circl
added 2026/04/07 5:28 p.m.5 views

GHSA-8PFC-JJGW-6G26

creationtimestamp| type| source ---|---|--- 2026-04-07 17:28:27+00:00| seen| Telegram/JtakylbYKAfJvCRBIgmgtreOTLAC-UR5YdC-v7gW7NnsM...

4.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.6 views

SUSE CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

9.9CVSS5.8AI score0.0028EPSS
Exploits1References3
CVE
CVE
added 2026/04/05 1:45 a.m.21 views

CVE-2026-5534

CVE-2026-5534 affects the itsourcecode Online Enrollment System 1.0. The vulnerability is in an unknown function of the component Parameter Handler, specifically the file /sms/user/index.php?view=edit&id=10, where manipulation of the USERID parameter leads to SQL injection. It can be exploited re...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/04/02 4:16 p.m.5 views

CVE-2026-33746

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS0.003EPSS
Exploits0References2
Circl
Circl
added 2026/04/01 11:27 p.m.3 views

GHSA-GHFJ-FX47-WG97

creationtimestamp| type| source ---|---|--- 2026-04-01 23:27:43+00:00| seen| Telegram/9bl7FEfQKeFpZFPlYLUaNlRChLBL7dB3Syrn3BTLiX1da84...

4.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.4 views

CVE-2026-31799

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References1
Circl
Circl
added 2026/03/31 7:20 p.m.4 views

GHSA-M2H6-4XPQ-QW3M

creationtimestamp| type| source ---|---|--- 2026-03-31 19:20:10+00:00| seen| Telegram/kcbrs7WWw-nIPeTyrZTDg68aatJd3a7QKUME-vVoB020PA...

4.8AI score
Exploits0
Rows per page
Query Builder