Lucene search
K

37 matches found

CVE
CVE
added yesterday11 views

CVE-2026-13699

CVE-2026-13699 affects Eclipse KUKSA Databroker 0.6.1. The gRPC handler kuksa.val.v2.VAL/PublishValue fails to validate the optional data_point in PublishValueRequest; if signal_id is valid but data_point is omitted, the code dereferences request.data_point (unwrap) and panics in the Tokio worker...

6.5CVSS6.1AI score0.00224EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-13699

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...

4.3CVSS6.1AI score0.00224EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/18 1:52 p.m.4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...

4.2CVSS6AI score0.00112EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.10 views

CVE-2026-50084 Aqara API cross-account access

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6CVSS5.4AI score0.00244EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/20 3:46 p.m.16 views

Insecure Default Initialization of Resource

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:46 p.m.27 views

Insecure Default Initialization of Resource

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 10:52 p.m.7 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through improper handling of missing user identifiers in the RemoveAmfSubscriptionsInfoProcedure process. An attacker can cause the application to panic and return a 500 Internal Serv...

7.1CVSS5.8AI score0.0042EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/06 10:10 p.m.7 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the processFuzzySearch function. An attacker can access and extract the entire database contents by supplying crafted input to the column parameter in the HTTP API, which is directly interpolated into raw SQL statement...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References2
Veracode
Veracode
added 2026/02/12 5:5 a.m.7 views

Privilege Escalation

@cubejs-backend/server-core is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization validation of specially crafted requests using a valid API token, which allows an attacker to escalate privileges beyond their intended access level...

7.7CVSS5.5AI score0.00352EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/10 12:29 a.m.6 views

GHSA-V226-32C7-X2V7 Cube Core is vulnerable to privilege escalation via a specially crafted request

Impact It is possible to make a specially crafted request with a valid API token that leads to privilege escalation. Affected Versions: ≥= 0.27.19 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release - 1.0.14 end-of-life LTS release References Th...

7.7CVSS5.5AI score0.00352EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/10 12:29 a.m.15 views

Cube Core is vulnerable to privilege escalation via a specially crafted request

Impact It is possible to make a specially crafted request with a valid API token that leads to privilege escalation. Affected Versions: ≥= 0.27.19 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release - 1.0.14 end-of-life LTS release References Th...

7.7CVSS5.5AI score0.00352EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/02/10 12:22 a.m.2 views

Improper Handling of Case Sensitivity

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of case sensitivity in the userPutHandler function. An attacker can gain unauthorized access to user accoun...

5.4CVSS5.7AI score0.00325EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/09 10:42 p.m.2 views

CVE-2026-25958 Cube privilege escalation via a specially crafted request

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...

7.7CVSS5.5AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/09 10:42 p.m.33 views

CVE-2026-25958 Cube privilege escalation via a specially crafted request

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...

7.7CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 10:42 p.m.30 views

CVE-2026-25958

Cube (semantic layer) versions 0.27.19 up to before 1.5.13, 1.4.2, and 1.0.14 are vulnerable to privilege escalation via a specially crafted request with a valid API token. The issue is fixed in 1.5.13, 1.4.2, and 1.0.14. CVSS v3.1 base score 7.7 (HIGH) with attack vector Network, attack complexi...

7.7CVSS5.5AI score0.00352EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7194

Name of the Vulnerable Software and Affected Versions Cube versions 0.27.19 through 1.5.12 Cube version 1.0.14 Cube version 1.4.2 Description Cube, a semantic layer for building data applications, is affected by a privilege escalation issue. A specially crafted request, using a valid API token, c...

7.7CVSS5.4AI score0.00352EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.11 views

PT-2025-50839

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht download big object origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle big object download request function. This makes it possible for...

4.9CVSS5.9AI score0.00464EPSS
Exploits0References4
NVD
NVD
added 2025/10/31 9:15 p.m.7 views

CVE-2025-63563

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.5CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6991

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00501EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.20 views

CVE-2023-1136

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...

9.8CVSS7.1AI score0.00736EPSS
Exploits0References1
Rows per page
Query Builder