Lucene search
K

273 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 9:8 p.m.30 views

CVE-2026-34050 Coolify Settings/Updates Livewire component missing instance administrator authorization

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:8 p.m.3 views

CVE-2026-34050

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 9:8 p.m.3 views

CVE-2026-34050 Coolify Settings/Updates Livewire component missing instance administrator authorization

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 9:8 p.m.12 views

CVE-2026-34050

CVE-2026-34050 affects Coolify, specifically the Settings/Updates Livewire component. The root cause is a missing isInstanceAdmin check in the component's mount method, allowing non-admin users to access the Updates settings page and potentially modify auto-update settings or trigger update check...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References3
NVD
NVD
added 2026/07/05 2:17 a.m.10 views

CVE-2026-14691

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS0.00237EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 1:45 a.m.10 views

EUVD-2026-41714

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:45 a.m.8 views

CVE-2026-14691

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/05 1:45 a.m.19 views

CVE-2026-14691

CVE-2026-14691 affects SourceCodester Multi-Vendor Online Grocery Management System 1.0. The vulnerability resides in the function update_settings_info of the file classes/SystemSettings.php (Setting Handler). Manipulating the argument content[] enables code injection. The attack is described as ...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51704

Name of the Vulnerable Software and Affected Versions MotorDesk versions prior to 1.1.3 Description The MotorDesk plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw, which occurs when a web application allows an attacker to induce a user to perform actions they do not intend to...

4.3CVSS5.6AI score0.00145EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.14 views

CVE-2026-8499

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS0.0012EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.12 views

CVE-2026-8499 Helpfulcrowd Product Reviews <= 1.2.9 - Inccorect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35302

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 3:41 a.m.25 views

CVE-2026-8499

The CVE concerns the WordPress Helpfulcrowd Product Reviews plugin (vulnerable up to 1.2.9). Root cause: a PHP type-juggling flaw in helpfulcrowd_validate_token() uses a loose != comparison, paired with a REST route (wp-json/helpfulcrowd/v1/update-settings) that has a permissive permission_callba...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.36 views

CVE-2026-8499 Helpfulcrowd Product Reviews <= 1.2.9 - Inccorect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

5.3CVSS0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47672

Name of the Vulnerable Software and Affected Versions Helpfulcrowd Product Reviews versions prior to 1.3.0 Description The Helpfulcrowd Product Reviews plugin for WordPress allows unauthenticated authorization bypass due to PHP Type Juggling. This occurs because the helpfulcrowd validate token...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-37598

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...

2.7CVSS6.2AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.12 views

CVE-2026-7614

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.4AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-34216

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS5.7AI score0.00532EPSS
Exploits0References1
Rows per page
Query Builder