
22 matches found

Circl
added 2026/02/16 12:0 a.m. | 3 views

CVE-2026-26366

creationtimestamp | type | source
---|---|---
2026-02-16 00:00:42+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116077365893464051
2026-02-16 00:00:43+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mewqmppu3d2s
2026-02-16 22:57:18+00:00 | seen | ...

CVSS 9.8 | AI score 5.1 | EPSS 0.00071
Exploits: 2 | References: 3

OSV
added 2026/02/15 4:15 p.m. | 3 views

CVE-2026-26366

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...

CVSS 9.8 | AI score 5.8 | EPSS 0.00071
Exploits: 2 | References: 2

NVD
added 2026/02/15 4:15 p.m. | 4 views

CVE-2026-26366

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...

CVSS 9.8 | EPSS 0.00071
Exploits: 2 | References: 2

RedhatCVE
added 2025/02/14 2:39 p.m. | 2 views

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVSS 7.5 | AI score 7.4 | EPSS 0.00569
Exploits: 0 | References: 1

Circl
added 2025/02/12 3:35 p.m. | 4 views

CVE-2025-26366

creationtimestamp | type | source
---|---|---
2025-02-12 15:35:56+00:00 | seen | https://infosec.exchange/users/cve/statuses/113991650924200386
2025-02-12 15:37:04+00:00 | seen | Telegram/-xvFghkm9wAI3OH5CI2F-m8akBasfMJYjd3uJLYtuPd0nF4
2025-02-12 16:02:56+00:00 | seen | https://t.me/cvedetector/17879...

CVSS 7.5 | AI score 4.8 | EPSS 0.00569
Exploits: 0 | References: 2

NVD
added 2025/02/12 2:15 p.m. | 10 views

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVSS 7.5 | EPSS 0.00569
Exploits: 0 | References: 1

OSV
added 2025/02/12 2:15 p.m. | 2 views

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVSS 7.5 | AI score 5.8 | EPSS 0.00569
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/12 1:29 p.m. | 5 views

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVSS 7.5 | AI score 7.8 | EPSS 0.00569
Exploits: 0 | References: 1

Cvelist
added 2025/02/12 1:29 p.m. | 7 views

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVSS 7.5 | EPSS 0.00569
Exploits: 0 | References: 1

Circl
added 2023/10/13 12:28 p.m. | 2 views

CVE-2023-26366

creationtimestamp | type | source
---|---|---
2023-10-13 12:28:48+00:00 | seen | https://t.me/cibsecurity/72217...

CVSS 6.8 | AI score 6.4 | EPSS 0.00355
Exploits: 0 | References: 1

CVE
added 2023/10/13 6:15 a.m. | 85 views

CVE-2023-26366

CVE-2023-26366 affects Adobe Commerce/Magento Open Source in versions 2.4.4-p5 through 2.4.7-beta1 and earlier. The issue is Server-Side Request Forgery (SSRF) that lets an authenticated, high-privilege attacker cause the application to read arbitrary files by injecting arbitrary URLs; exploitati...

CVSS 6.8 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 1 | Affected Software: 2

Vulnrichment
added 2023/10/13 6:15 a.m. | 7 views

CVE-2023-26366 Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...

CVSS 6.8 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 1

Circl
added 2022/11/30 4:29 p.m. | 1 views

CVE-2022-26366

creationtimestamp | type | source
---|---|---
2022-11-30 16:29:13+00:00 | seen | https://t.me/cibsecurity/53718...

CVSS 8.8 | AI score 8.1 | EPSS 0.00109
Exploits: 0 | References: 1

NVD
added 2022/11/30 1:15 p.m. | 12 views

CVE-2022-26366

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress...

CVSS 8.8 | EPSS 0.00109
Exploits: 0 | References: 1

OSV
added 2022/11/30 1:15 p.m. | 2 views

CVE-2022-26366

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2022/11/30 12:30 p.m. | 89 views

CVE-2022-26366

CVE-2022-26366 affects the WordPress AdRotate Banner Manager Plugin, specifically versions <= 5.9. It describes a CSRF/XSRF vulnerability that can enable an attacker to perform privileged actions (e.g., password changes) under a user’s authentication. The issue is tied to ads/banner management...

CVSS 8.8 | AI score 7.2 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/11/30 12:30 p.m. | 8 views

CVE-2022-26366 WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress...

CVSS 5.4 | AI score 6.5 | EPSS 0.00109
Exploits: 0 | References: 1

Cvelist
added 2022/11/30 12:30 p.m. | 30 views

CVE-2022-26366 WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress...

CVSS 5.4 | AI score 9.1 | EPSS 0.00109
Exploits: 0 | References: 1

Circl
added 2022/05/12 10:36 p.m. | 3 views

CVE-2021-26366

creationtimestamp | type | source
---|---|---
2022-05-12 22:36:29+00:00 | seen | https://t.me/cibsecurity/42541...

CVSS 7.1 | AI score 7 | EPSS 0.00058
Exploits: 0 | References: 1

CVE
added 2022/05/12 5:9 p.m. | 106 views

CVE-2021-26366

CVE-2021-26366 is documented by AMD in AMD-SB-1027 as a vulnerability where an attacker with elevated privileges could read data from Boot ROM, compromising system integrity. The AMD bulletin lists CVE-2021-26366 under desktop/mobile/server SKUs and ties it to AGESA PI firmware fixes. Mitigation:...

CVSS 7.1 | AI score 7.1 | EPSS 0.00058
Exploits: 0 | References: 1 | Affected Software: 1