Lucene search
+L

30230 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-45223

A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and...

4.3CVSS5.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-16108

A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and...

4.3CVSS5.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-16108

A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and...

4.3CVSS4.8AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-16072

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45173

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS5.3AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45164

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.4AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-45153

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS6.1AI score0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-15380

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS6.1AI score0.00127EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday10 views

EUVD-2026-45150

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

9.8CVSS5.6AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday32 views

CVE-2026-9810 AI Chatbot & Workflow Automation by AIWU < 1.5.4 - Unauthenticated Privilege Escalation via MCP OAuth

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-9810

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

9.8CVSS5.6AI score0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-11961

The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into ...

5.4AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-15982 Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS0.00294EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-45142

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS6.3AI score0.00294EPSS
Exploits0References2
CVE
CVE
added yesterday23 views

CVE-2026-15982

The CVE-2026-15982 entry describes a Privilege Escalation flaw in the Aimogen Pro WordPress plugin (&lt;= 2.8.4). The root cause is a missing capability check in the function aiomatic_call_google_ai_function, which allows unauthenticated attackers to use the aimogen_wp_god_mode tool to clear func...

9.8CVSS6.3AI score0.00294EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-15982

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References3
NVD
NVD
added yesterday8 views

CVE-2026-41993

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS0.00108EPSS
Exploits0References1
Rows per page
Query Builder