Lucene search
K

152 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 6:16 p.m.16 views

CVE-2026-49287

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50073

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public...

7.2CVSS5.2AI score0.00339EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:45 p.m.11 views

CVE-2026-3840 Path Traversal in kedro-org/kedro

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The getversionedpath method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS7.2AI score0.00186EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 3:45 p.m.10 views

EUVD-2026-36497

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The getversionedpath method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS7.2AI score0.00186EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 3:45 p.m.31 views

CVE-2026-3840 Path Traversal in kedro-org/kedro

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The getversionedpath method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS0.00186EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48927

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The get versioned path method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS7.1AI score0.00186EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.8 views

org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.5AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 4:43 p.m.4 views

PYSEC-2026-219

Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...

5.4CVSS5.9AI score0.01475EPSS
Exploits1References17
Cvelist
Cvelist
added 2026/06/09 3:50 a.m.37 views

CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:50 a.m.8 views

CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:50 a.m.9 views

CVE-2026-41842 Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

7.5CVSS5.5AI score0.00399EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:50 a.m.49 views

CVE-2026-41842 Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

7.5CVSS0.00399EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:50 a.m.195 views

CVE-2026-41842

The CVE-2026-41842 entry affects Spring Framework in Spring MVC and WebFlux, reporting a Denial of Service (DoS) when resolving static resources. Affected versions are Spring Framework 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48. The description in both records states the DoS vulnerabil...

7.5CVSS5.5AI score0.00399EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.4 views

CVE-2026-41843: Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: When all the conditions above are met, an attacker can send malicious requests that can resolve files...

5.9CVSS5.9AI score0.00341EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.6 views

CVE-2026-41842: Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: When all the conditions above are met, an attacker can send malicious requests that are slow to...

7.5CVSS5.3AI score0.00399EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/08 12:0 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits o...

8.2CVSS5.5AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.5 views

Directory Traversal

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Directory Traversal via static resource...

8.2CVSS6.2AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.8 views

Directory Traversal

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS6.3AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS5.5AI score0.00399EPSS
Exploits0References2
Rows per page
Query Builder