Lucene search
+L

2521 matches found

NVD
NVD
added 2 days ago9 views

CVE-2026-15783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS0.00273EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-15783 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed reading private repository metadata via delegated bypass rule suites

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS5.4AI score0.00273EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15783 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed reading private repository metadata via delegated bypass rule suites

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS0.00273EPSS
Exploits0References5
CVE
CVE
added 2 days ago10 views

CVE-2026-15783

CVE-2026-15783 (GitHub Enterprise Server) describes a missing authorization flaw where an authenticated user with write access to any repository could read metadata from private repositories they should not access. The attack path involves a delegated bypass endpoint that resolves a rule suite fr...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-62231

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS0.00221EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-62231

The Grav API plugin (getgrav/grav-plugin-api) prior to version 1.0.6 has an authorization bypass in ApiKeyAuthenticator: API keys with restricted scopes are ignored, and the API key resolves to the owning user’s full account, allowing a key with limited scopes (e.g., read-only) to perform any ope...

8.6CVSS6.1AI score0.00221EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-52892

Summary: CVE-2026-52892 affects Wekan, an open‑source Kanban app built on Meteor. Before version 9.32, REST handlers in server/models/customFields.js checked read‑level access (Authentication.checkBoardAccess) for mutating custom-field routes, instead of write‑level access (Authentication.checkBo...

6.5CVSS6.1AI score0.00259EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-52892 Wekan: Read-only board members can create/modify/delete Custom Fields (privilege escalation via read-level authz on write ops)

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan REST handlers in server/models/customFields.js use read-level Authentication.checkBoardAccess instead of write-level Authentication.checkBoardWriteAccess for mutating custom-field routes. A read-only board member can call POST,...

6.5CVSS6.1AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 4 days ago9 views

CVE-2026-60062

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-54563

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS0.00186EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

CVE-2026-52865

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS5.6AI score
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-52865

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS0.00286EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44682

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-44681

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS6.2AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago44 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-60062

The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 4 days ago10 views

CVE-2026-43637

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

9.1CVSS0.00425EPSS
Exploits0References4
F5 Networks
F5 Networks
added 4 days ago11 views

K000161800: NGINX Ingress Controller vulnerability CVE-2026-55723

Security Advisory Description When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated...

8.7CVSS6.1AI score0.00293EPSS
Exploits0Affected Software1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44523

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS6.1AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-60183

Name of the Vulnerable Software and Affected Versions NGINX Ingress Controller affected versions not specified Description An injection flaw exists in the configuration generator when the software is configured with Custom Resource Definitions CRDs or Ingress annotations. Multiple user-controllab...

8.7CVSS6.2AI score0.00293EPSS
Exploits0References4
Rows per page
Query Builder