Lucene search
K

1117 matches found

Nuclei
Nuclei
added 7 hours ago92 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

9.8CVSS6.9AI score0.13425EPSS
Exploits1References5
OSV
OSV
added last week5 views

CVE-2026-50530 DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS6AI score0.00238EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 12:30 a.m.17 views

EUVD-2026-41783

Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 12:30 a.m.5 views

EUVD-2026-41782

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 10:16 p.m.7 views

CVE-2026-59519

Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6...

5.3CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/07/05 10:16 p.m.7 views

CVE-2026-59511

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...

5.3CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/05 9:42 p.m.8 views

CVE-2026-59519

Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.9 views

PT-2026-55826

Name of the Vulnerable Software and Affected Versions FormLayer versions prior to 1.0.7 Description An issue in Softaculous FormLayer allows for the insertion of sensitive information into sent data, which can lead to the retrieval of embedded sensitive data. Recommendations Update FormLayer to...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 5:40 p.m.7 views

EUVD-2026-41104

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...

7.4CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:26 p.m.5 views

EUVD-2026-39393

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:26 p.m.4 views

CVE-2026-54848

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52423

Name of the Vulnerable Software and Affected Versions APIExperts Square for WooCommerce versions prior to 4.7.4 Description An issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This flaw is network-exploitable and requires no...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 4:58 p.m.3 views

GHSA-3QQ3-668M-V9MJ Gogs has a Denial of Service in repository/wiki file listing web pages

Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. Details The issue is...

4.9CVSS5.9AI score0.0044EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452data. The original logic for getting mma8452data is incorrect. The dev points to the device belonging to iiodev. We cannot use this dev to find the correct i2cclient. The...

5.5CVSS6.1AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 p.m.16 views

CVE-2026-24618

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

4.3CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:46 p.m.11 views

EUVD-2026-36570

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

4.3CVSS5.2AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-48976

Name of the Vulnerable Software and Affected Versions Hash Elements versions prior to 1.5.5 Description An issue in HashThemes Hash Elements allows the retrieval of embedded sensitive system information to an unauthorized control sphere. Recommendations Update to version 1.5.5 or later...

4.3CVSS5.2AI score0.00175EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/10 2:31 p.m.9 views

CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Aix-DB 访问控制错误漏洞

Aix-DB is an intelligent data analysis and visualization system developed by AiAdventurer’s individual developers. Versions of Aix-DB 1.2.4 and earlier contained a access control vulnerability. This vulnerability stemmed from the lack of authentication checks for the /llm/processllmout endpoint,...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34947

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References8
Rows per page
Query Builder