Lucene search
K

2263 matches found

NVD
NVD
added yesterday4 views

CVE-2026-61952

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-15079

The CVE-2026-15079 entry concerns the Drupal Login Disable module, affected on versions 0.0.0 through 2.1.4. The underlying issue is an improper restriction of excessive authentication attempts, which can enable brute-force login attempts to bypass protection. The attack surface is the Drupal log...

5.4CVSS6.1AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-58590

FlowDrop for Drupal is affected by a Missing Authorization vulnerability that enables forceful browsing. Publicly reported details cover FlowDrop versions 0.0.0 through 1.6.0 as vulnerable. The root cause is insufficient access checks, allowing unauthorized navigation to access resources. The iss...

5.4CVSS6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-58589

CVE-2026-58589 describes a Missing Authorization vulnerability in Drupal FlowDrop (FlowDrop versions 0.0.0 to 1.6.0) allowing forceful browsing to access endpoints without proper permissions. The issue affects the FlowDrop module used for AI-driven workflows via a chat interface, where endpoints ...

5.4CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-58589 FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-13241

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

6.5CVSS6.1AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-13241 Paragraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

0.00132EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-13239

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

6.5CVSS6.1AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-13239 WissKI - Critical - Access bypass - SA-CONTRIB-2026-059

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

0.00132EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-13238

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

4.8CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-13237

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.8CVSS6.1AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-13236

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.2CVSS6.1AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-13232 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00142EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-11909 Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...

3.3CVSS6.1AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2026-59225

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

6.3CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 5 days ago14 views

CVE-2026-59225

Open WebUI vulnerability CVE-2026-59225 affects versions 0.8.12 up to before 0.10.0. An authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model via task endpoints like /api/v1/tasks/moa/completions. The normal chat flow re-checks submodel ac...

6.3CVSS6AI score0.00211EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-59217

Open WebUI prior to version 0.10.0 allowed a metadata.knowledge_id value in file uploads to auto-link files to a knowledge base, bypassing the write-access check on /api/v1/knowledge//file/add. This enabled read-only knowledge-base users to add arbitrary files. The issue is fixed in version 0.10....

4.3CVSS6AI score0.00272EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56583

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description A flaw exists where a client can be registered as the configured no auth user via a parser path triggered when the initial client operation is not CONNECT...

5.4CVSS6.1AI score0.00292EPSS
Exploits0References6
Rows per page
Query Builder