Lucene search
K

4074 matches found

CVE
CVE
added 4 hours ago6 views

CVE-2026-57693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through = 2.8.11...

6.5CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday9 views

EUVD-2026-43198

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References6
EUVD
EUVD
added yesterday8 views

EUVD-2026-43197

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
CVE
CVE
added 3 days ago5 views

CVE-2026-56279

Capgo before 12.128.2 is affected by an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users’ organization membersh...

8.7CVSS6.2AI score0.00313EPSS
Exploits0References2
NVD
NVD
added 6 days ago9 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS0.00289EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago93 views

Apache Tomcat JK Connect <=1.2.44 - Manager Access

Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...

7.5CVSS7AI score0.90647EPSS
Exploits0References5
NVD
NVD
added 6 days ago9 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 6 days ago11 views

CVE-2026-57868

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 6 days ago15 views

CVE-2026-57869

CVE-2026-57869 affects MicroRealEstate up to version 1.0.0-alpha3. The vulnerability stems from broken object-level access controls and a deterministic pattern used in random ID generation, enabling attackers to access documents uploaded by landlords or tenants without authorization. The availabl...

7.1CVSS6AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-57868

CVE-2026-57868 affects MicroRealEstate up to version 1.0.0-alpha3, involving broken object-level access controls in the PDF generator functionality. The affected component is the PDF generation feature within MicroRealEstate; the root cause is described as object-level access control failure. The...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added last week38 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS0.00417EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 5:16 a.m.8 views

CVE-2026-14792

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...

9.2CVSS6.2AI score0.00417EPSS
Exploits0References23
CVE
CVE
added 2026/07/03 4:30 a.m.23 views

CVE-2026-14352

AR for WooCommerce

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55496

Name of the Vulnerable Software and Affected Versions AR for WooCommerce versions prior to 8.41 Description The plugin is subject to Directory Traversal, allowing unauthenticated attackers to read arbitrary files on the server that may contain sensitive information. This is possible via the file...

7.5CVSS6AI score0.00473EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/02 2:35 p.m.9 views

EUVD-2026-41376

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13568

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 12:45 p.m.44 views

CVE-2026-13568 SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53669

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description A broken Hasura permission filter exists on the payload build step table. This issue involves an always-satisfied or condition that bypasses operation-scoped access controls. Consequently,...

7.1CVSS6AI score0.00246EPSS
Exploits0References9
Rows per page
Query Builder