Lucene search
K
CvelistRecent

364478 matches found

Cvelist
Cvelist
added 2026/06/19 9:39 p.m.19 views

CVE-2026-56079 Capgo - Cross-Tenant Authorization Bypass via PostgREST Webhook Access

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.27 views

CVE-2026-56073 Cap-go - OTP Bypass via Response Manipulation in Email Verification

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful,...

9.4CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:29 p.m.21 views

CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

...

8.8CVSS0.00408EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:29 p.m.44 views

CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability

...

9.6CVSS0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:28 p.m.20 views

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

6.5CVSS0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.19 views

CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability

...

9.9CVSS0.005EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.21 views

CVE-2026-42895 Microsoft Copilot Tampering Vulnerability

...

6.5CVSS0.00399EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.20 views

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

...

10CVSS0.00562EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.21 views

CVE-2026-32208 Microsoft Entra ID Spoofing Vulnerability

...

8.8CVSS0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:26 p.m.27 views

CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS0.00451EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/19 8:23 p.m.23 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:19 p.m.19 views

CVE-2026-47203 Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:16 p.m.23 views

CVE-2026-48129 Kestra task inputFiles accepts traversal filenames for worker file writes

Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task inputFiles writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an inputFiles file name, ...

6.5CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:12 p.m.23 views

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/19 8:9 p.m.23 views

CVE-2026-49295 libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/19 7:53 p.m.21 views

CVE-2026-49337 libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:46 p.m.26 views

CVE-2026-48787 gin-vue-admin vulnerable to RCE

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:38 p.m.21 views

CVE-2026-48089 DevGuard has improper authorization on public assets

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

7.1CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:34 p.m.21 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:28 p.m.22 views

CVE-2026-48772 ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:27 p.m.20 views

CVE-2026-48773 ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

9.8CVSS0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:23 p.m.21 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:21 p.m.23 views

CVE-2026-49344 Mercator has a Personal Identifiable Information Leak from Query Executor feature

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

7.1CVSS0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:18 p.m.21 views

CVE-2026-48715 radvdump's Route Information Option Parser has a Stack Buffer Overflow

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

7.7CVSS0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:13 p.m.20 views

CVE-2026-49342 YARD static cache reads raw traversal paths before router sanitization

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:11 p.m.22 views

CVE-2026-49340 gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path o...

8.1CVSS0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:8 p.m.20 views

CVE-2026-49338 Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can delete...

7.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:2 p.m.24 views

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

6.5CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 6:49 p.m.20 views

CVE-2026-12726 Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS0.00204EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:45 p.m.19 views

CVE-2026-9375 Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS0.00304EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:32 p.m.21 views

CVE-2026-12238 WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

5.3CVSS0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:23 p.m.19 views

CVE-2026-49339 Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit 6dd71e6a3c966867ef8c900d359a7df75789f410 added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controll...

7.1CVSS0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 6:19 p.m.19 views

CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:14 p.m.22 views

CVE-2026-49293 CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

7.5CVSS0.00415EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/19 6:11 p.m.37 views

CVE-2026-49288 Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 5:59 p.m.19 views

CVE-2026-49291 mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...

8.1CVSS0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 5:52 p.m.18 views

CVE-2023-54357 Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration

Joomla combooking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=combooking,...

8.7CVSS0.00346EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:48 p.m.18 views

CVE-2019-25762 Joomla! Component JoomProject 1.1.3.2 Information Disclosure

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=comjpprojects&view=projects&tmpl=component&format=js...

8.7CVSS0.00442EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:45 p.m.20 views

CVE-2019-25761 Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...

7.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:42 p.m.19 views

CVE-2019-25760 Joomla! Component Easy Shop 1.2.3 Local File Inclusion

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to comeasyshop, task set to...

6.9CVSS0.00426EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:38 p.m.20 views

CVE-2019-25759 Joomla! Component vBizz 1.0.7 SQL Injection

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...

7.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:36 p.m.23 views

CVE-2026-49287 Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 5:35 p.m.19 views

CVE-2019-25758 Joomla! Component vBizz 1.0.7 Remote Code Execution

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS0.0067EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:31 p.m.17 views

CVE-2019-25757 Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:31 p.m.21 views

CVE-2026-49290 Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC CDLC. Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a...

9.4CVSS0.00568EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 5:28 p.m.16 views

CVE-2019-25756 Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:25 p.m.20 views

CVE-2019-25755 Joomla vReview 1.9.11 SQL Injection via editReview

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:21 p.m.18 views

CVE-2019-25754 Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:18 p.m.16 views

CVE-2019-25753 Joomla! Component VMap 1.9.6 SQL Injection via loadmarker

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:16 p.m.25 views

CVE-2026-49271 libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS0.00199EPSS
Exploits0References1
Total number of security vulnerabilities364478