Lucene search
K

4959766 matches found

Cvelist
Cvelist
added 19 minutes ago1 views

CVE-2026-6541 Unscoped updates to other playbooks' metric configuration

Mattermost versions 11.7.x = 11.7.1, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a...

4.3CVSS
Exploits0References1
CVE
CVE
added 19 minutes ago2 views

CVE-2026-6541 Unscoped updates to other playbooks' metric configuration

Mattermost versions 11.7.x = 11.7.1, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a...

4.3CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 21 minutes ago4 views

CVE-2026-9820 Mattermost schemes teams endpoint exposes private team invite IDs

Mattermost versions 11.7.x = 11.7.2, 10.11.x = 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API...

3.8CVSS
Exploits0References1
CVE
CVE
added 21 minutes ago2 views

CVE-2026-9820 Mattermost schemes teams endpoint exposes private team invite IDs

Mattermost versions 11.7.x = 11.7.2, 10.11.x = 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API...

3.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 25 minutes ago2 views

CVE-2026-9824 Remote cluster metadata enumeration via /share-channel autocomplete

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to check the managesharedchannels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash...

4.3CVSS
Exploits0References1
CVE
CVE
added 25 minutes ago2 views

CVE-2026-9824 Remote cluster metadata enumeration via /share-channel autocomplete

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to check the managesharedchannels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash...

4.3CVSS6.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 41 minutes ago4 views

Exploit for CVE-2026-38526

CVE-2026-38526 - Krayin CRM RCE Description PoC script for...

9.9CVSS6.1AI score0.02759EPSS
Exploits10
GithubExploit
GithubExploit
added 43 minutes ago3 views

SnowCrasher

SnowCrasher This project is an introduction to cyber security...

6AI score
Exploits0
Cvelist
Cvelist
added 52 minutes ago2 views

CVE-2026-14934 Cross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Colab Enterprise

A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tena...

9.4CVSS
Exploits0References1
CVE
CVE
added 52 minutes ago2 views

CVE-2026-14934 Cross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Colab Enterprise

A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tena...

9.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-61971

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-61975

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through = 3.0.1...

5.3CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago2 views

CVE-2026-61983

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-61976

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through = 1.5.0...

5.3CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-61977

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through = 3.6.1.2...

5.3CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-61985

Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...

5.3CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-61952

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-59523

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...

6.5CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-59521

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS
Exploits0References1
NVD
NVD
added 56 minutes ago3 views

CVE-2026-61955

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS
Exploits0References1
Rows per page
Query Builder