50 matches found

GithubExploit
added 2026/06/15 5:6 a.m. | 137 views

Exploit for CVE-2026-10795

CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...

CVSS 8.1 | AI score 6.6 | EPSS 0.03578
Exploits: 3

OSV
added 2026/06/11 1:28 p.m. | 7 views

GHSA-9GW6-46QC-99VR Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

CVSS 9.1 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/07 5:18 a.m. | 11 views

CVE-2026-11252

A policy bypass flaw was found in the Content Settings component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498373018...

CVSS 5.4 | AI score 5.4 | EPSS 0.00175
Exploits: 0 | References: 5

RedhatCVE
added 2026/06/07 5:18 a.m. | 9 views

CVE-2026-11248

A policy bypass flaw was found in the Google Lens component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497946941...

CVSS 8.8 | AI score 5.4 | EPSS 0.00241
Exploits: 0 | References: 5

RedhatCVE
added 2026/06/07 5:12 a.m. | 9 views

CVE-2026-11206

A policy bypass flaw was found in the ServiceWorker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505427216...

CVSS 6.5 | AI score 5.4 | EPSS 0.00229
Exploits: 0 | References: 5

OSV
added 2026/06/04 11:17 p.m. | 4 views

DEBIAN-CVE-2026-11204

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 | AI score 5.5 | EPSS 0.00201
Exploits: 0 | References: 1

Information Security Automation
added 2026/06/02 11:0 a.m. | 11 views

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities, 474 of them in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities, a record! And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

CVSS 9.8 | AI score 7.8 | EPSS 0.96267
Exploits: 357

ATTACKERKB
added 2026/05/14 3:27 a.m. | 8 views

CVE-2026-7648

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

CVSS 4.3 | AI score 5.8 | EPSS 0.00423
Exploits: 0 | References: 9

Vulnrichment
added 2026/04/30 1:28 p.m. | 3 views

CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 5

EUVD
added 2026/04/14 8:40 a.m. | 5 views

EUVD-2026-22236

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00453
Exploits: 0 | References: 1

Amazon
added 2026/04/13 12:0 a.m. | 10 views

Important: containerd

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

CVSS 9.1 | AI score 6 | EPSS 0.01557
Exploits: 1

Vulnrichment
added 2026/04/10 3:45 p.m. | 3 views

CVE-2026-34727 Vikunja has a TOTP Two-Factor Authentication Bypass via OIDC Login Path

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...

CVSS 7.4 | AI score 5.8 | EPSS 0.00281
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/10 6:57 a.m. | 5 views

CVE-2026-5900

A policy bypass flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=475265304...

CVSS 4.3 | AI score 5.7 | EPSS 0.00159
Exploits: 0 | References: 5

Cvelist
added 2026/03/06 5:40 p.m. | 36 views

CVE-2026-30831 Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...

CVSS 9.3 | EPSS 0.00333
Exploits: 0 | References: 1

OSV
added 2026/02/06 6:28 p.m. | 8 views

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

CVSS 8.2 | AI score 5.5 | EPSS 0.00273
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 8 views

MiracleLinux 8 : git-2.43.5-1.el8_10 (AXSA:2024-8477:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8477:08 advisory. git: Recursive clones RCE CVE-2024-32002 git: RCE while cloning local repos CVE-2024-32004 git: additional local RCE CVE-2024-32465 git: insecure...

CVSS 9 | AI score 8.4 | EPSS 0.25334
Exploits: 34 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-6006

Malware in sbrugna...

CVSS 3.6 | AI score 7.6 | EPSS 0.0379
Exploits: 1 | References: 23

EUVD
added 2025/10/07 12:30 a.m. | 9 views

EUVD-2020-18318

Malware in sbrugna...

CVSS 9 | AI score 7.6 | EPSS 0.02002
Exploits: 0 | References: 14

OSV
added 2025/09/05 12:43 p.m. | 7 views

OESA-2025-2171 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP respons...

CVSS 9.1 | AI score 6.6 | EPSS 0.0097
Exploits: 1 | References: 6

RedhatCVE
added 2025/07/13 6:22 a.m. | 5 views

CVE-2025-30026

The AXIS Camera Station Server had a flaw that allowed bypassing the authentication that is normally required...

CVSS 5.3 | AI score 7.3 | EPSS 0.0059
Exploits: 0 | References: 1