CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-13752 - Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands

CVE ID: CVE-2026-13752
Published: June 29, 2026, 4:24 p.m. | 52 minutes ago
Description: Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user's Snowflake session. Successful exploitation required crafted values to reach vulnerable parameters, including through socially engineered input, malicious repository configuration, or compromised automation feeding external values into the CLI, and impact is limited by the privileges assigned to the active session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-13589 - seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based overflow

CVE ID: CVE-2026-13589
Published: June 29, 2026, 4:30 p.m. | 46 minutes ago
Description: A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to a heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.
Severity: 0.0 | NA
CVE-2026-12912 - Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image

CVE ID: CVE-2026-12912
Published: June 29, 2026, 4:31 p.m. | 44 minutes ago
Description: A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).
Severity: 7.3 | HIGH
CVE-2026-13590 - seladb PcapPlusPlus Modbus Protocol ModbusLayer.h getLength heap-based overflow

CVE ID: CVE-2026-13590
Published: June 29, 2026, 4:45 p.m. | 31 minutes ago
Description: A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in a heap-based buffer overflow. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been released to the public and may be used for attacks. The patch is identified as 4c90c3e3418a2b09dc82b7ca5775e9c1e22fe454. Applying a patch is advised to resolve this issue.
Severity: 0.0 | NA
CVE ID: CVE-2026-12672
Published: June 29, 2026, 4:47 p.m. | 28 minutes ago
Description: None
Severity: 0.0 | NA
CVE-2026-13591 - DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization

CVE ID: CVE-2026-13591
Published: June 29, 2026, 5 p.m. | 16 minutes ago
Description: A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. Manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue.
Severity: 0.0 | NA
CVE-2026-56783 - Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API

CVE ID: CVE-2026-56783
Published: June 29, 2026, 5:16 p.m. | 2 hours ago
Description: Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints, which return webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including low-privilege reader roles, can recover credentials and internal endpoint URLs for all configured notification targets by querying GET /api/v1/targets or related endpoints.
Severity: 7.1 | HIGH
CVE-2026-57942 - LibreTranslate - IP Spoofing via X-Forwarded-For Header

CVE ID: CVE-2026-57942
Published: June 29, 2026, 5:17 p.m. | 2 hours ago
Description: LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attackers can bypass per-IP rate limiting and flood bans by supplying forged addresses in the X-Forwarded-For header to enable unlimited API abuse.
Severity: 6.9 | MEDIUM
CVE-2026-57943 - LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

CVE ID: CVE-2026-57943
Published: June 29, 2026, 5:17 p.m. | 1 hour, 59 minutes ago
Description: LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without proper owner checks to read arbitrary private photos belonging to other users.
Severity: 6.0 | MEDIUM
CVE-2026-57945 - PhotoPrism - Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint

CVE ID: CVE-2026-57945
Published: June 29, 2026, 5:18 p.m. | 1 hour, 59 minutes ago
Description: PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PUT users API endpoint to overwrite another user's profile details without authorization.
Severity: 5.3 | MEDIUM
CVE-2026-57946 - Invidious - Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint

CVE ID: CVE-2026-57946
Published: June 29, 2026, 5:18 p.m. | 1 hour, 58 minutes ago
Description: Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain the full playlist contents, owner email address, and associated video entries without any authentication.
Severity: 6.3 | MEDIUM
CVE-2026-57947 - Pinpoint - Server-Side Request Forgery via Alarm Webhook Registration

CVE ID: CVE-2026-57947
Published: June 29, 2026, 5:18 p.m. | 1 hour, 58 minutes ago
Description: Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.
Severity: 8.5 | HIGH
CVE-2026-57948 - Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

CVE ID: CVE-2026-57948
Published: June 29, 2026, 5:19 p.m. | 1 hour, 58 minutes ago
Description: Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can exploit stored or reflected cross-site scripting vulnerabilities to exfiltrate the session token or intercept it through network sniffing to perform session hijacking.
Severity: 7.6 | HIGH
CVE-2026-57949 - ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

CVE ID: CVE-2026-57949
Published: June 29, 2026, 5:19 p.m. | 1 hour, 57 minutes ago
Description: ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this by sending requests with arbitrary ID parameters to access other users' follow-up notes, file attachments, scheduling information, and business entity references without proper authorization checks.
Severity: 7.1 | HIGH
CVE-2026-57950 - ruoyi-vue-pro - Incorrect Permission Namespace in ErpSaleOrderController

CVE ID: CVE-2026-57950
Published: June 29, 2026, 5:20 p.m. | 1 hour, 57 minutes ago
Description: ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70, contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement. Attackers holding shipment-level permissions can perform unauthorized create, update, delete, and read operations on financially sensitive sale orders due to the controller enforcing erp:sale-out instead of the intended erp:sale-order namespace.
Severity: 8.6 | HIGH
CVE-2026-57951 - Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

CVE ID: CVE-2026-57951
Published: June 29, 2026, 5:20 p.m. | 1 hour, 56 minutes ago
Description: Mythic before 3.4.0.60 contains a broken Hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server.
Severity: 7.1 | HIGH
CVE-2026-57952 - Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID

CVE ID: CVE-2026-57952
Published: June 29, 2026, 5:21 p.m. | 1 hour, 56 minutes ago
Description: Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpoints with a known payload UUID from another operation to access that operation's C2 profile configuration, including encryption keys and callback parameters.
Severity: 6.0 | MEDIUM
CVE-2026-57953 - Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint

CVE ID: CVE-2026-57953
Published: June 29, 2026, 5:21 p.m. | 1 hour, 55 minutes ago
Description: Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with the spectator role can exploit this misconfigured access control to create and delete automation workflows, making unauthorized modifications to operation automation configuration and EventGroups.
Severity: 5.4 | MEDIUM
CVE-2026-57954 - Elide 7.1.17 - Permission Bypass in Sort Expression Validation

CVE ID: CVE-2026-57954
Published: June 29, 2026, 5:21 p.m. | 1 hour, 55 minutes ago
Description: Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across all rows via both JSON:API and GraphQL read paths.
Severity: 5.3 | MEDIUM
CVE-2026-57955 - SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

CVE ID: CVE-2026-57955
Published: June 29, 2026, 5:22 p.m. | 1 hour, 55 minutes ago
Description: SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated into ClickHouse queries to read all stored traces, logs, and metrics, or abuse the url() function to perform server-side request forgery.
Severity: 8.5 | HIGH
CVE-2026-57956 - SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules

CVE ID: CVE-2026-57956
Published: June 29, 2026, 5:22 p.m. | 1 hour, 54 minutes ago
Description: SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules belonging to other organizations by exploiting the missing tenant isolation check, bypassing multi-tenant access controls.
Severity: 6.4 | MEDIUM