Lucene search
K

200 matches found

CNNVD
CNNVD
added 2026/05/15 12:0 a.m.17 views

magento-lts 安全漏洞

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

5.3CVSS5.7AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 1:17 p.m.16 views

GHSA-RJG2-95X7-8QMX Strapi may leak sensitive data via relational filtering due to lack of query sanitization

Summary of CVE-2026-27886 Vulnerability Details - CVE: CVE-2026-27886 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N 9.3 — Critical - Affected Versions: @strapi/strapi =5.37.0 Description of CVE-2026-27886 Strapi versions prior to 5.37.0 did not sufficiently...

9.2CVSS5.8AI score0.00612EPSS
Exploits5References3
Github Security Blog
Github Security Blog
added 2026/05/14 1:17 p.m.15 views

Strapi may leak sensitive data via relational filtering due to lack of query sanitization

Summary of CVE-2026-27886 Vulnerability Details - CVE: CVE-2026-27886 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N 9.3 — Critical - Affected Versions: @strapi/strapi =5.37.0 Description of CVE-2026-27886 Strapi versions prior to 5.37.0 did not sufficiently...

9.2CVSS5.8AI score0.00612EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2026/05/12 9:2 p.m.37 views

CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS0.00135EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center. This vulnerability stems from insufficient permission restrictions on the REST API endpoints exported by device accounts. As a...

8.4CVSS5.8AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.37 views

CVE-2026-42610

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

6.5CVSS0.0029EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 3:19 p.m.60 views

CVE-2026-42610 Grav: Sensitive Information Disclosure via Accounts Service Bypass

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

6.5CVSS0.0029EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/11 3:19 p.m.13 views

CVE-2026-42610 Grav: Sensitive Information Disclosure via Accounts Service Bypass

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/06 8:11 p.m.14 views

Incorrect Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the userHasPermission process. An attacker can gain unauthorized access to sensitive administrative data by sending requests ...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:57 p.m.7 views

CVE-2026-40326

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 11:56 p.m.2 views

CVE-2026-40431 SenseLive X3050 Cleartext transmission of sensitive information

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

6.9CVSS5.3AI score0.0019EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:39 p.m.2 views

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/31 5:39 p.m.4 views

EUVD-2026-17548

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.6 views

CVE-2026-30689

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...

7.5CVSS5.9AI score0.00277EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 4:42 p.m.6 views

CVE-2026-34362 AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...

5.4CVSS5.8AI score0.00247EPSS
Exploits1References4
NVD
NVD
added 2026/03/27 3:16 p.m.8 views

CVE-2026-30689

In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end...

7.5CVSS0.00277EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

Blog.Admin 安全漏洞

Blog.Admin is a backend permission management system developed by the individual developer sonzhang, based on Vue.js. Versions of blog.admin v.8.0 and earlier have security vulnerabilities. These vulnerabilities stem from improper access control in the getinfobytoken API interface, which could...

7.5CVSS5.8AI score0.00277EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/27 12:0 a.m.23 views

CVE-2026-30689

In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end...

4.3CVSS0.00277EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/25 11:53 p.m.2 views

CVE-2026-34056 OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References2
Rows per page
Query Builder