Lucene search
+L

3399 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.6 views

CVE-2026-25192

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.9AI score0.00483EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 2:16 p.m.7 views

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

9.8CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 1:10 p.m.12 views

CVE-2025-55261

CVE-2025-55261 affects HCL Aftermarket DPC and is associated with a Missing Functional Level Access Control vulnerability that can enable privilege escalation and data manipulation within the application. The CVE is referenced across multiple sources (NVD, Red Hat, CNVD, EUVD, CIRCL, CVE List, vu...

9.8CVSS5.8AI score0.00319EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:10 p.m.1 views

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 1:10 p.m.2 views

CVE-2025-55261 HCL Aftermarket DPC is affected by Missing Functional Level Access Control

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 1:10 p.m.26 views

CVE-2025-55261 HCL Aftermarket DPC is affected by Missing Functional Level Access Control

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

8.1CVSS0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 12:47 p.m.2 views

CVE-2025-55274 HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they...

2.6CVSS5.7AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 12:16 a.m.6 views

CVE-2026-34051

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

5.4CVSS0.00215EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28286

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The application suffers from missing functional level access control, potentially allowing an attacker to escalate privileges and compromise the application. This could lead to th...

9.8CVSS5.8AI score0.00319EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

etcd 安全漏洞

Etcd is an open-source system developed in Go language, used as a key-value storage system for distributed systems. There are security vulnerabilities in versions prior to 3.4.42, 3.5.28, and 3.6.9 of etcd. These vulnerabilities stem from the possibility for unauthorized users to bypass...

8.8CVSS6AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is an open-source medical management system developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

5.4CVSS5.9AI score0.00215EPSS
Exploits1References3
OSV
OSV
added 2026/03/25 11:45 p.m.5 views

CVE-2026-34051 OpenEMR has Improper ACL On Import/Export Popup

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

5.4CVSS5.8AI score0.00215EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15568

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

5.8AI score0.00463EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.5 views

CVE-2026-24372

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

7.5CVSS0.00463EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.13 views

CVE-2026-24372

CVE-2026-24372 affects the WordPress plugin Subscriptions for WooCommerce up to version 1.8.10, where an Authentication Bypass by Spoofing plus Input Data Manipulation vulnerability exists. The issue is confirmed across multiple sources (NVD/Red Hat/CVEs lists) with CVSS v3.1 base score 7.5 (HIGH...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

5.8AI score0.00463EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.31 views

CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

7.5CVSS0.00463EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 1:31 p.m.10 views

CVE-2026-4815

Support Board 3.7.7 is affected by a SQL injection vulnerability. The issue allows an attacker to retrieve, create, update, and delete data through the parameter calls[0][message_ids][] in the /supportboard/include/ajax.php endpoint. The connected CVE records confirm the affected product/version ...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.8 views

PT-2026-27854

Name of the Vulnerable Software and Affected Versions Subscriptions for WooCommerce versions through 1.8.10 Description An authentication bypass by spoofing issue exists in WP Swings Subscriptions for WooCommerce. This allows for input data manipulation. The issue impacts the Subscriptions for...

7.5CVSS5.9AI score0.00463EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/24 9:2 a.m.7 views

WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation vulnerability

WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin = 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation vulnerability discovered by abrahack in WordPress Plugin ReviewX versions =...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder