Lucene search
K

2290 matches found

Nuclei
Nuclei
added yesterday19 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS6.9AI score0.06719EPSS
Exploits2References2
NVD
NVD
added last week7 views

CVE-2026-7492

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

5.3CVSS0.00254EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 5:31 p.m.6 views

EUVD-2026-42065

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/06 1:47 p.m.3 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6.6AI score0.00298EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.10 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

7.5CVSS0.00353EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.17 views

CVE-2026-25712

Gitea CVE-2026-25712 affects versions before 1.25.5. The issue is in the organization permission APIs (routers/api/v1/org) where visibility checks are insufficient, allowing an attacker to access private visibility information about hidden members and private organizations. The root cause is inad...

7.5CVSS6AI score0.00353EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-25712 Gitea organization permission APIs expose private visibility information

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

7.5CVSS6AI score0.00353EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41622

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.36 views

CVE-2026-25712 Gitea organization permission APIs expose private visibility information

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

0.00353EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.4 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References5
NVD
NVD
added 2026/07/03 4:16 p.m.9 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 3:16 p.m.14 views

EUVD-2026-41555

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55593

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient visibility checks exist within organization permission APIs, which may affect hidden members and private organizations. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00353EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 1:32 p.m.13 views

EUVD-2026-40988

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...

9.1CVSS6.2AI score0.0053EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:32 p.m.6 views

CVE-2026-53354

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...

9.1CVSS6.2AI score0.0053EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 9:48 a.m.6 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6.5AI score0.00298EPSS
Exploits0References5
Rows per page
Query Builder