Lucene search
K

161598 matches found

Vulnrichment
Vulnrichment
added 2026/05/05 1:24 a.m.6 views

CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 12:21 a.m.5 views

EUVD-2026-25606

Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/05/05 12:21 a.m.9 views

NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 12:21 a.m.14 views

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

8.2CVSS5.9AI score0.00611EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/05 12:21 a.m.3 views

GHSA-W9J2-PVGH-6H63 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

4.8CVSS5.9AI score0.00611EPSS
Exploits1References3
OSV
OSV
added 2026/05/05 12:1 a.m.6 views

CLSA-2026-1777939266 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 12:0 a.m.6 views

CLSA-2026-1777939234 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing for the automatic activation of untrusted workspace plugins during...

8.8CVSS5.8AI score0.00381EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.60 views

📄 GNU InetUtils telnetd Remote Privilege Escalation

GNU InetUtils versions 2.0 through 2.6 telnetd remote privilege escalation proof of concept exploit. Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage:...

9.8CVSS7.5AI score0.98871EPSS
Exploits60
OSV
OSV
added 2026/05/05 12:0 a.m.8 views

ALSA-2026:13857 Important: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.18 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....

7.5CVSS5.9AI score0.00639EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgra...

4.8CVSS5.8AI score0.00557EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerabilities (USN-8228-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8228-1 advisory. It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possib...

9.8CVSS6.3AI score0.00373EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.6 views

RHEL 8 : dovecot (RHSA-2026:13830)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13830 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References8
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

Eclipse OpenJ9 缓冲区错误漏洞

Eclipse OpenJ9 is a Java application engine developed by the Eclipse Foundation. This product is primarily used for running Java applications. Versions of Eclipse OpenJ9 from 0.21 to 0.58 contain a buffer error vulnerability. This vulnerability allows pre-authenticated remote attackers to cause t...

8.7CVSS6AI score0.00517EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-11349

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...

9.8CVSS7.6AI score0.01205EPSS
In wildExploits0References2
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.56 views

📄 Camaleon CMS 2.9.0 Path Traversal

Camaleon CMS version 2.9.0 suffers from a path traversal vulnerability. Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link:...

7.7CVSS5.8AI score0.1456EPSS
Exploits11
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37002

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

8.7CVSS5.8AI score0.00537EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.7 views

eLabFTW 安全漏洞

eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW 5.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the login process...

5.9CVSS5.9AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Version 7.0.1 of OpenEMR contains a security vulnerability...

8.7CVSS5.8AI score0.00537EPSS
Exploits1References1
Rows per page
Query Builder