Lucene search
K

2262 matches found

Nuclei
Nuclei
added yesterday33 views

ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API

changedetection.io = 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction id: CVE-2025-62780 info: name: ChangeDetection.i...

5.4CVSS6AI score0.00441EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 6:16 p.m.4 views

GHSA-GC3J-79F2-7VVW Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance

Summary A low-privilege developer who could create a KubernetesWatchTrigger KWT in their own namespace was able to establish a persistent surveillance channel over any other namespace. Details Two independent flaws compounded: 1. pkg/kubewatcher/kubewatcher.go::createKubernetesWatch used...

7.7CVSS5.8AI score0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 12:16 a.m.10 views

CVE-2026-9219

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:13 p.m.9 views

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 11:13 p.m.38 views

CVE-2026-9220 Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 11:13 p.m.17 views

CVE-2026-9220

The CVE-2026-9220 entry describes a vulnerability in Setracker2 Android Companion App (package com.tgelec.setracker) affecting versions 3.1.5 and earlier. The underlying issue is that requests between the wearable and backend are encrypted with static, hardcoded AES keys and initialization vector...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:6 p.m.6 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 8:6 p.m.11 views

CVE-2026-52795

CVE-2026-52795 affects Gogs (open source self-hosted Git service). In 0.14.3 and earlier, an authorization logic error in the Watch API lets any authenticated user watch a private repository they have no access to, due to an inverted access check. This exposes private repository activity in the a...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:6 p.m.24 views

CVE-2026-52795 Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:6 p.m.2 views

CVE-2026-52795 Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS6AI score0.00168EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: libceph: The calctarget function should set t-paused, rather than simply clearing it. Currently, calctarget clears t-paused if the request should no longer be paused. However, it never sets t-paused, even though it can determine...

5.7AI score0.00161EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed the bounds checking of watchid in debug address watch v2. The address watch clear code receives watchid as an unsigned value u32, but some helper functions used a signed int and checked the bits by shifting...

7.8CVSS6.6AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52084

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.4 Description An authenticated user can watch a private repository without having the necessary access permissions. This occurs because the access check in the Watch API handler is inverted, specifically within the...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux

A issue was discovered in Xen through version 4.14.x. Some operating systems, such as Linux, FreeBSD, and NetBSD, process watch events using a single thread. If these events are received faster than the thread can handle them, they will be queued up. Since the queue is unbounded, a guest system m...

6.5CVSS6.5AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/18 11:13 a.m.13 views

CVE-2026-55225

When the Strimzi cluster operator is deployed with watchAnyNamespace=true or a multi-namespace list, any namespace editor can set Kafka.spec.entityOperator.userOperator.watchedNamespace or topicOperator.watchedNamespace to an arbitrary namespace. The cluster operator then creates a Role granting...

8CVSS5.5AI score
Exploits0References5
NVD
NVD
added 2026/06/10 6:17 p.m.14 views

CVE-2026-49822

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger KWT in their own namespace was able to establish a persistent...

7.7CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 5:22 p.m.3 views

CVE-2026-49822 Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger KWT in their own namespace was able to establish a persistent...

7.7CVSS5.9AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/06/10 5:22 p.m.24 views

CVE-2026-49822

CVE-2026-49822 affects the Fission framework (Kubernetes-native serverless) prior to version 1.24.0. A low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace could establish a persistent surveillance channel into other namespaces, enabling cross-namespace e...

7.7CVSS5.4AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 10:41 a.m.14 views

MAL-2026-5312 Malicious code in bt-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94719a61950dd5cacc26b288c1fe8ef0d12f0e93720b4f1aa98cdf84ff148f0d Package advertises Bittensor subnet burn-rate monitoring but the compiled core module's own docstring describes itself as a 'clipboard logger +...

5.6AI score
Exploits0References2
Rows per page
Query Builder