Lucene search
K
CvelistRecent

364119 matches found

Cvelist
Cvelist
added 2026/06/23 10:15 p.m.29 views

CVE-2026-12164 Privilege Escalation in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

4.4CVSS0.00101EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 10:11 p.m.29 views

CVE-2026-48493 Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

5.5CVSS0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 10:9 p.m.29 views

CVE-2026-56785 FlatPress - Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields

FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in...

8.4CVSS0.00243EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 10:9 p.m.27 views

CVE-2026-54588 Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

9.6CVSS0.00312EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 10:7 p.m.28 views

CVE-2026-47693 Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS0.00229EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 10:6 p.m.36 views

CVE-2026-12163 Stored XSS in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting XSS vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...

5.5CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 10:2 p.m.58 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS0.00433EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/23 9:2 p.m.27 views

CVE-2026-54518 jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 9:0 p.m.30 views

CVE-2026-50193 jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...

6.3CVSS0.00616EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/23 8:59 p.m.27 views

CVE-2026-41862

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

8.8CVSS0.00423EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:56 p.m.32 views

CVE-2026-54512 jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS0.00617EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/23 8:54 p.m.24 views

CVE-2026-56120

...

Exploits0
Cvelist
Cvelist
added 2026/06/23 8:53 p.m.34 views

CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS0.00677EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/23 8:51 p.m.27 views

CVE-2026-54514 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS0.00219EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 8:50 p.m.26 views

CVE-2026-54515 jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 8:48 p.m.30 views

CVE-2026-54516 jackson-databind: Renamed @JsonIgnore'd setters can deserialize via private fields

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS0.00282EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 8:47 p.m.31 views

CVE-2026-54517 jackson-databind: @JsonView bypass for setterless creator properties

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular...

5.3CVSS0.00237EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 8:42 p.m.26 views

CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:41 p.m.27 views

CVE-2026-46548 NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather th...

4.3CVSS0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:40 p.m.29 views

CVE-2026-46549 NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited...

2CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:39 p.m.25 views

CVE-2026-46550 NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it t...

5.4CVSS0.00099EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:38 p.m.27 views

CVE-2026-46552 NocoDB: Shared-base link access can invite arbitrary users as persistent base members

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...

5.8CVSS0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:37 p.m.26 views

CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

5.3CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:36 p.m.27 views

CVE-2026-47375 NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

6CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:35 p.m.31 views

CVE-2026-47376 NocoDB: Reflected Cross-Site Scripting via Password Reset Token

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or...

5.1CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:35 p.m.27 views

CVE-2026-47377 NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace on a path extracted from the URL hash fragment after only checking hashPath.startsWith'/'. Protocol-relative URLs //attacker.com/… also satisfy that...

5.1CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:34 p.m.26 views

CVE-2026-47378 NocoDB: Hidden Column Exposure in Public Shared View Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:33 p.m.26 views

CVE-2026-47380 NocoDB: User Enumeration via Sign-In Timing

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...

6.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:31 p.m.26 views

CVE-2026-46551 NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...

6.5CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:30 p.m.28 views

CVE-2026-46554 NocoDB: Stale Auth Cache After API Token Deletion

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. The API token deletion path removed the database row bu...

2.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:19 p.m.25 views

CVE-2026-47382 NocoDB: Server-Side Request Forgery via Database Connection Host

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and...

5.3CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:18 p.m.26 views

CVE-2026-47279 NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:17 p.m.28 views

CVE-2026-47379 NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:17 p.m.28 views

CVE-2026-47381 NocoDB: Cross-Workspace Integration Use in Connection Test

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check...

6.9CVSS0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:15 p.m.33 views

CVE-2026-47383 NocoDB: Stored Cross-Site Scripting via Row Comments

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:15 p.m.28 views

CVE-2026-47384 NocoDB: SQL Injection via Column Title in Bulk GroupBy

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...

5.3CVSS0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:13 p.m.30 views

CVE-2026-47385 NocoDB: Path Traversal via SQLite Source Filename

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...

5.3CVSS0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:12 p.m.30 views

CVE-2026-47386 NocoDB: OAuth Authorization Code Race Condition

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

6.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:11 p.m.27 views

CVE-2026-23513 FOSSBilling: Broken Authorization in Client Transaction and Order Listings

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

7.1CVSS0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 8:11 p.m.30 views

CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:9 p.m.27 views

CVE-2026-47388 NocoDB: Missing Ownership Check in MCP Attachment Read

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not...

2.3CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:8 p.m.27 views

CVE-2026-53926 NocoDB: OAuth Tokens Persist Through Security Events

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users service is an empty stub being called from passwordChange, passwordForgot, and passwordReset. OAuth access and refresh tokens were not revoked when the user changed, reset, or...

6.3CVSS0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:5 p.m.27 views

CVE-2026-53927 NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16,...

5.1CVSS0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:3 p.m.28 views

CVE-2026-53928 NocoDB: Refresh Tokens Persist Through Password Recovery

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.32 views

CVE-2026-12892 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 nal extension slice parser

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

4.4CVSS0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.38 views

CVE-2026-12891 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.37 views

CVE-2026-11820 Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.28 views

CVE-2026-11819 Community.general: community.general keyring_info — os keyring passphrase returned in plaintext

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS0.00128EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.29 views

CVE-2026-9073 Foreman-mcp-server: mcp server: insecure sensitive http header sanitization

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS0.00152EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 7:45 p.m.26 views

CVE-2025-64105 FOSSBilling: IDOR Vulnerability in Support Ticket Creation

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...

5.1CVSS0.00265EPSS
Exploits0References2
Total number of security vulnerabilities364119