Lucene search
+L

95 matches found

Cvelist
Cvelist
added 2026/06/30 3:57 p.m.38 views

CVE-2026-58372 SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1CVSS0.00766EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 3:57 p.m.4 views

CVE-2026-58372 SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

7.2CVSS6AI score0.00766EPSS
Exploits1References9
OSV
OSV
added 2026/06/26 7:30 p.m.2 views

CVE-2026-44696 OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS6AI score0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.8 views

EUVD-2026-38365

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.25 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial-of-service vulnerability in POST /app/demo that lets authenticated users with org write permissions create unlimited demo apps without rate limiting or quotas. Each request can trigger around 138 database write operations, leading to degraded performance, h...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 9:16 p.m.12 views

CVE-2026-49252

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any...

9.9CVSS0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 8:1 p.m.22 views

CVE-2026-49252 deepstream is vulnerable to prototype pollution

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any...

9.9CVSS0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 6:26 p.m.8 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

5.9AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 10:54 a.m.28 views

CVE-2026-11569

CVE-2026-11569 affects Quay: the filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 10:54 a.m.10 views

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.22 views

PT-2026-47274

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 6:32 p.m.10 views

CVE-2026-5385 GLPI 11.0.0 - Stored XSS in knowledge base

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.8AI score0.00418EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44798

Name of the Vulnerable Software and Affected Versions OpenShift Router affected versions not specified Description A flaw in the OpenShift Router allows a user with EndpointSlice write access to proxy requests to a cloud metadata endpoint. This is achieved by creating a Service backed by a Fully...

7.7CVSS5.5AI score0.00226EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/23 11:44 a.m.12 views

EUVD-2026-31535

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skbtrycoalesce can attach paged frags from @from to @to. If @from has SKBFLSHAREDFRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backe...

6AI score0.03663EPSS
Exploits11References7
CVE
CVE
added 2026/05/23 11:44 a.m.307 views

CVE-2026-46300

The CVE-2026-46300 issue affects the Linux kernel's net: skbuff code: skb_try_coalesce() can transfer paged frags from one skb to another while losing the SKBFL_SHARED_FRAG marker, breaking the invariant relied on by ESP decryption logic. This can allow an in-place decrypt path to operate on page...

7.8CVSS6AI score0.03663EPSS
Exploits11References50Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:59 p.m.8 views

CVE-2026-8053

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

8.8CVSS6.1AI score0.0057EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.21 views

PhpSpreadsheet 跨站脚本漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Versions prior to PhpSpreadsheet 5.7.0, 3.10.5, 2.4.5, 2.1.16, and 1.30.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML writers skipping...

5.4CVSS5.8AI score0.00225EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 10:32 a.m.7 views

CLSA-2026-1774002757 Fix CVE(s): CVE-2026-25898

SECURITY UPDATE: global buffer overflow read in UIL and XPM encoders. - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. - CVE-2026-25898...

9.1CVSS7.1AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

9.8CVSS6AI score0.00439EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/17 6:43 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteBranchPost function. A repository collaborator with Write permission can delete protected branches or the default branch by sending POST requests directly to the web interface, bypassing branch...

8.8CVSS5.6AI score0.00436EPSS
Exploits1References2
Rows per page
Query Builder