Lucene search
K

301 matches found

Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-54003 Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS0.00545EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/18 3:4 p.m.13 views

Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

TL;DR This vulnerability affects Kirby sites that have no configured user accounts and are running on publicly accessible servers behind a reverse proxy that sets the Forwarded: for=..., X-Client-IP, or X-Real-IP request header. It was possible to install the Panel = create the first admin user i...

9.1CVSS5.6AI score0.00545EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/15 6:0 a.m.22 views

CVE-2026-8935

The CVE concerns the WP MAPS PRO WordPress plugin prior to version 6.1.1. The vulnerability arises from an unauthenticated AJAX action that, when a valid nonce (publicly emitted on frontend pages enqueuing the map script) is supplied, unconditionally creates an administrator account and returns a...

9.8CVSS5.3AI score0.00268EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.63 views

📄 ProjeQtor 12.4.3 SQL Injection

This Python script automates exploitation of an SQL injection vulnerability in a ProjeQtor login interface. Version 12.4.3 is affected. ================================================================================================================================== | Title : ProjeQtor 12.4.3...

9.8CVSS5.6AI score0.00558EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/06 8:49 p.m.137 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exp...

10CVSS6.4AI score0.93286EPSS
Exploits25
GithubExploit
GithubExploit
added 2026/06/05 10:28 p.m.68 views

Exploit for CVE-2024-34070

CVE-2024-34070 Froxlor PoC Python proof of concept for CVE-20...

9.6CVSS7.7AI score0.00963EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS5.6AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-42457

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS5.7AI score0.00312EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/01 9:6 a.m.134 views

Exploit for CVE-2026-8732

CVE-2026-8732 - WordPress WP Google Map Pro Mass Scanner & Aut...

9.8CVSS6.2AI score0.09461EPSS
Exploits7
EUVD
EUVD
added 2026/05/29 2:46 p.m.13 views

EUVD-2018-21919

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

6.9CVSS5.7AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 5:32 a.m.15 views

EUVD-2026-33251

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

9.8CVSS5.7AI score0.09461EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44744

Name of the Vulnerable Software and Affected Versions WP Maps Pro versions prior to 6.1.1 Description An unauthenticated privilege escalation flaw exists due to a temporary access feature intended for support troubleshooting. The wpgmp temp access ajax AJAX action is registered for unauthenticate...

9.8CVSS6.2AI score0.09461EPSS
Exploits7References53
Cvelist
Cvelist
added 2026/05/27 5:9 p.m.42 views

CVE-2026-45716 Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 5:9 p.m.9 views

CVE-2026-45716 Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS6AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:9 p.m.17 views

EUVD-2026-32602

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS6AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Lumiverse 竞争条件问题漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained a race condition vulnerability. This vulnerability stemmed from the fact that the consumeNonce function only checked whether module-level variables...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/23 4:27 a.m.13 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.17 views

PT-2026-42865

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMemberFeaturesTeam Accounts::save settings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.17 views

PT-2026-41795

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description An issue exists in the "POST /api/global/users/onboard" endpoint, which is protected by the workspaceBuilderOrAdmin middleware. This allows users with builder permissions to access the endpoint. In...

8.8CVSS5.9AI score0.00261EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.52 views

PT-2026-41441

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...

6.9CVSS5.8AI score0.00146EPSS
Exploits0References5
Rows per page
Query Builder