
161494 matches found

Patchstack
added 2026/05/05 9:32 a.m. | 7 views

WordPress MoreConvert Pro plugin <= 1.9.14 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin MoreConvert Pro versions <= 1.9.14...

9.8 CVSS | 5.8 AI score | 0.00458 EPSS
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2026/05/05 8:41 a.m. | 11 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7 CVSS | 5.8 AI score | 0.00921 EPSS
Exploits 0 | References 5
OSV
added 2026/05/05 8:39 a.m. | 8 views

BIT-APACHE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8 CVSS | 5.8 AI score | 0.00557 EPSS
Exploits 1 | References 3
RedhatCVE
added 2026/05/05 8:20 a.m. | 10 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3 CVSS | 5.8 AI score | 0.00214 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/05/05 3:37 a.m. | 3 views

CVE-2026-5159

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS | 6 AI score | 0.00283 EPSS
Exploits 0 | References 9
EUVD
added 2026/05/05 3:31 a.m. | 5 views

EUVD-2026-27167

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8 CVSS | 5.8 AI score | 0.00458 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/05/05 2:20 a.m. | 8 views

CVE-2026-7722

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

6.9 CVSS | 5.7 AI score | 0.00453 EPSS
Exploits 0 | References 1
NVD
added 2026/05/05 2:16 a.m. | 14 views

CVE-2026-5722

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8 CVSS | 0.00458 EPSS
Exploits 0 | References 3
SUSE CVE
added 2026/05/05 1:46 a.m. | 13 views

SUSE CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

7.4 CVSS | 5.8 AI score | 0.00557 EPSS
Exploits 1 | References 7
SUSE CVE
added 2026/05/05 1:45 a.m. | 5 views

SUSE CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

10 CVSS | 5.7 AI score | 0.00479 EPSS
Exploits 1 | References 3
SUSE CVE
added 2026/05/05 1:45 a.m. | 7 views

SUSE CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2 CVSS | 5.7 AI score | 0.00767 EPSS
Exploits 1 | References 3
SUSE CVE
added 2026/05/05 1:45 a.m. | 9 views

SUSE CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

4.8 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits 0 | References 5
SUSE CVE
added 2026/05/05 1:45 a.m. | 15 views

SUSE CVE-2026-43860

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

4.8 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits 0 | References 5
SUSE CVE
added 2026/05/05 1:45 a.m. | 13 views

SUSE CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

4.8 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits 0 | References 5
CVE
added 2026/05/05 1:24 a.m. | 17 views

CVE-2026-5722

The CVE concerns the WordPress plugin MoreConvert Pro (versions up to and including 1.9.14). The vulnerability is an Authentication Bypass in the guest waitlist verification flow: tokens are not invalidated or regenerated when the customer email is changed, enabling unauthenticated attackers to a...

9.8 CVSS | 5.8 AI score | 0.00458 EPSS
Exploits 0 | References 3
Cvelist
added 2026/05/05 1:24 a.m. | 42 views

CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8 CVSS | 0.00458 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/05/05 1:24 a.m. | 6 views

CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8 CVSS | 5.8 AI score | 0.00458 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/05/05 1:24 a.m. | 4 views

CVE-2026-5722

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8 CVSS | 5.8 AI score | 0.00458 EPSS
Exploits 0 | References 4
EUVD
added 2026/05/05 12:21 a.m. | 4 views

EUVD-2026-25606

Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy...

6.5 CVSS | 5.8 AI score | 0.00611 EPSS
Exploits 1 | References 2
Github Security Blog
added 2026/05/05 12:21 a.m. | 14 views

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

8.2 CVSS | 5.9 AI score | 0.00611 EPSS
Exploits 1 | References 3 | Affected Software 1