Lucene search
K

253 matches found

Nuclei
Nuclei
added 20 hours ago48 views

WordPress Checklist <1.1.9 - Cross-Site Scripting

WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file. id: CVE-2019-16525 info: name: WordPress Checklist 1.1.9 - Cross-Site Scripting author: daffainfo severity: medium description:...

6.1CVSS6.4AI score0.05549EPSS
Exploits2References5
NVD
NVD
added yesterday5 views

CVE-2026-59154

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-59154

The CVE affects Wekan (open‑source Kanban) prior to version 9.64. A cross‑board authorization bypass exists in the direct Meteor collection allow rules for Checklists and ChecklistItems: updates are authorized only against the current source doc.cardId and do not inspect destination cardId or boa...

4.3CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday27 views

CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-42935

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score
Exploits0References3
HackRead
HackRead
added 2026/06/09 4:50 p.m.16 views

E-Signature Security Checklist Before Selecting an E-Signature Tool

Electronic signature security starts before the first document is sent. A company needs to know how files are…...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/24 1:16 a.m.80 views

Database-Exploitation-Manual

🛡️ SecDB Auditor - Database Security Compiling Suite & Manual...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/13 12:41 a.m.102 views

ANTI-FLUFF

PENTESTINGMETHS Main view example: Web Application As...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.30 views

Do Androids Dream of Breaking the Game? Systematically Auditing AI Agent Benchmarks with BenchJack

Agent benchmarks have become the de facto measure of frontier AI competence, guiding model selection, investment, and deployment. However, reward hacking, where agents maximize a score without performing the intended task, emerges spontaneously in frontier models without overfitting. We argue tha...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.9 views

SoK: The Attack Surface of Agentic AI -- Tools, and Autonomy

Recent AI systems combine large language models with tools, external knowledge via retrieval-augmented generation RAG, and even autonomous multi-agent decision loops. This agentic AI paradigm greatly expands capabilities - but also vastly enlarges the attack surface. In this systematization, we m...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.6 views

CVE-2026-25563

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.5CVSS5.3AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.5 views

CVE-2026-25564

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.5CVSS5.3AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/08 12:30 a.m.7 views

EUVD-2026-5709

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.5CVSS5.4AI score0.0028EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/08 12:30 a.m.5 views

EUVD-2026-5708

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.5CVSS5.4AI score0.0028EPSS
Exploits0References4
NVD
NVD
added 2026/02/07 10:16 p.m.8 views

CVE-2026-25564

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.5CVSS0.0028EPSS
Exploits0References3
NVD
NVD
added 2026/02/07 10:16 p.m.8 views

CVE-2026-25563

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.5CVSS0.0028EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/07 9:57 p.m.2 views

CVE-2026-25564 WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.1CVSS5.5AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 2026/02/07 9:57 p.m.5 views

CVE-2026-25564 WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.1CVSS6AI score0.0028EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/07 9:57 p.m.4 views

CVE-2026-25564

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.1CVSS5.3AI score0.0028EPSS
Exploits0References4
CVE
CVE
added 2026/02/07 9:57 p.m.13 views

CVE-2026-25564

WeKan versions prior to 8.19 are affected by an insecure direct object reference (IDOR) in checklist creation and related routes. The issue arises because the implementation does not verify that the supplied cardId belongs to the supplied boardId, enabling cross-board ID tampering by manipulating...

7.5CVSS5.4AI score0.0028EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder