Lucene search

178 matches found

CVE
added last week, 12 views

CVE-2026-9172

WordPress plugin Devs Accounting – Simple Accounting and Invoicing Solution (versions up to 1.2.0) is vulnerable to unauthorized modification/deletion of data due to a missing capability check in delete_single_account(), with the REST route devs-accounting/v1/delete-account/(?P\d+) registered wit...

CVSS: 5.3, AI score: 6, EPSS: 0.00227
Exploits: 0, References: 3

EUVD
added last week, 10 views

EUVD-2026-38659

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_account REST API callback being registered with a permission_callback that unconditionally returns tru...

CVSS: 5.3, AI score: 6, EPSS: 0.00348
Exploits: 0, References: 3

Cvelist
added last week, 31 views

CVE-2026-9175 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'id' Parameter

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_account REST API callback being registered with a permission_callback that unconditionally returns tru...

CVSS: 5.3, EPSS: 0.00348
Exploits: 0, References: 3

NVD
added 2026/06/18 5:16 p.m., 11 views

CVE-2026-54105

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS: 6.9, EPSS: 0.003
Exploits: 0, References: 4

EUVD
added 2026/06/18 4:13 p.m., 10 views

EUVD-2026-37912

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS: 6.9, AI score: 5.3, EPSS: 0.003
Exploits: 0, References: 4

GithubExploit
added 2026/06/15 10:9 p.m., 55 views

Exploit for CVE-2026-54596

CVE-2026-54596 - Authenticated SQL Injection via recurringinv...

AI score: 6.1
Exploits: 0

RedhatCVE
added 2026/06/05 7:30 p.m., 7 views

CVE-2026-42951

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...

CVSS: 5.9, AI score: 5.5, EPSS: 0.00169
Exploits: 0, References: 1

Github Security Blog
added 2026/06/05 4:40 p.m., 15 views

Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS

Summary: The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...

AI score: 5.7, EPSS: 0.0005
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/06/05 4:40 p.m., 5 views

GHSA-FW38-PC54-JVX9 Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS

Summary: The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...

CVSS: 5.9, AI score: 5.7, EPSS: 0.0005
Exploits: 0, References: 3

Positive Technologies
added 2026/06/05 12:0 a.m., 15 views

PT-2026-47094

Name of the Vulnerable Software and Affected Versions: Klever-Go versions prior to 9640d63. Description: A resource leak exists in the account-data trie syncers where bounded throttler slots are not released during error paths in the syncDataTrie function. When a trie sync fails, a slot from the...

CVSS: 5.9, AI score: 6, EPSS: 0.0005
Exploits: 0, References: 5

NVD
added 2026/05/29 7:16 p.m., 9 views

CVE-2026-42951

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...

CVSS: 5.9, EPSS: 0.00169
Exploits: 0, References: 3

CVE
added 2026/05/29 5:32 p.m., 14 views

CVE-2026-42951

CVE-2026-42951 concerns the Danelec MacGregor Voyage Data Recorder (VDR) device. The description across sources states an authenticated user can download a backup of the VDR that includes account data and password hashes. The connected records corroborate credentials exposure as the primary issue...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00169
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/05/29 5:32 p.m., 14 views

EUVD-2026-33396

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00169
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/29 5:32 p.m., 9 views

CVE-2026-42951

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00169
Exploits: 0, References: 4

Cvelist
added 2026/05/29 5:32 p.m., 34 views

CVE-2026-42951 MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...

CVSS: 5.9, EPSS: 0.00169
Exploits: 0, References: 3

Positive Technologies
added 2026/05/29 12:0 a.m., 13 views

PT-2026-44928

Name of the Vulnerable Software and Affected Versions: Danelec MacGregor Voyage Data Recorder, affected versions not specified. Description: An authenticated user can download a backup of the device, which contains account data and password hashes. Recommendations: At the moment, there is no informati...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00169
Exploits: 0, References: 6

CVE
added 2026/05/27 8:0 a.m., 15 views

CVE-2026-40850

CVE-2026-40850 describes an unauthenticated SQL injection in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command, leading to total loss of confidentiality. The vulnerability is shown with CVSS 3.1 base score 7.5 (NETWORK, LOW complexity, NONE pri...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00395
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/27 8:0 a.m., 7 views

CVE-2026-40850

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00395
Exploits: 0, References: 2, Affected Software: 4

EUVD
added 2026/05/27 8:0 a.m., 10 views

EUVD-2026-32149

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00395
Exploits: 0, References: 1

CNNVD
added 2026/05/27 12:0 a.m., 8 views

MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 SQL Injection Vulnerability

MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00395
Exploits: 0, References: 1