Lucene search
K

9 matches found

EUVD
EUVD
added 2026/07/07 6:38 p.m.6 views

EUVD-2026-42074

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 3:54 p.m.7 views

EUVD-2026-40352

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...

4.2CVSS5.9AI score0.00253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

RHEL 10 : samba (RHSA-2026:28055)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28055 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.1AI score0.12797EPSS
Exploits9References12
Cvelist
Cvelist
added 2026/05/27 2:13 p.m.44 views

CVE-2026-48917

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.5 views

CVE-2026-34981

The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...

5.8CVSS5.9AI score0.00252EPSS
Exploits1References1
CVE
CVE
added 2026/01/30 10:7 p.m.13 views

CVE-2020-37054

Navigate CMS 2.8.7 is affected by a cross-site request forgery vulnerability that lets attackers upload malicious extensions via a crafted HTML page. By abusing the extension upload functionality without additional validation, an authenticated administrator can be tricked into performing arbitrar...

8.8CVSS5.9AI score0.00203EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/12/24 7:27 p.m.9 views

CVE-2018-25152

CVE-2018-25152 affects Ecessa Edge EV150 10.7.4. A cross-site request forgery allows unauthenticated attackers to add superuser accounts by crafting a page that submits to /cgi-bin/pl_web.cgi/util_configlogin_act. The connected sources confirm the vulnerable component, the endpoint, and the impac...

5.3CVSS6.5AI score0.00136EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 5:18 p.m.25 views

CVE-2025-64447

CVE-2025-64447 involves a cookie validation flaw in Fortinet FortiWeb. Affected products are FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, and 7.0.0–7.0.11. The root cause is insufficient validation and integrity checking of cookies, allowing an unauthenticated attacker to perfor...

8.1CVSS7.2AI score0.07492EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.10 views

CVE-2019-25022

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime.exec without validation...

9.8CVSS7.1AI score0.01412EPSS
Exploits1References1
Rows per page
Query Builder