Lucene search
K

11914 matches found

NVD
NVD
added last week7 views

CVE-2026-59148

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS0.00173EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-59148

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS6AI score0.00173EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/08 7:36 a.m.33 views

CVE-2026-57237 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 6:16 a.m.9 views

CVE-2026-9731

The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 8:19 p.m.88 views

CVE-2026-26231

Gitea versions up to 1.26.1 expose an Authorization Bypass via the Allow edits from maintainers option. The root cause is the PR-create flow binding allow_maintainer_edit=true without verifying the submitter’s write access to the HEAD repository, enabling reverse-fork PR abuse to authorize pushes...

8.5CVSS7.1AI score0.00291EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.32 views

CVE-2026-26231 Gitea maintainer-edit permissions allow unauthorized commits to readable repositories

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:50 a.m.6 views

CVE-2026-9230

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00312EPSS
Exploits0References15
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-617 Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

4.8CVSS6.2AI score0.01345EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.15 views

PT-2026-53956

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A code injection flaw allows an unauthenticated remote attacker to gain full control over the system without user interaction. This enables the attacker to read all secrets available to...

10CVSS5.9AI score0.00314EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/29 8:36 a.m.8 views

CVE-2026-53303

A flaw was found in the Linux kernel's f2fs filesystem. This vulnerability allows for potential out-of-bounds memory access or the display of stale data. It occurs because the extensionlist and related counts are read without proper synchronization, enabling a concurrent system file system sysfs...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52901

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description OpenProject exposes a document update endpoint used to modify existing documents. The system loads the target document with visibility checks, but...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5510 Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo in code.gitea.io/gitea

Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo in code.gitea.io/gitea...

8.5CVSS5.8AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 2:17 p.m.12 views

CVE-2026-7165

The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...

9.4CVSS0.0029EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 2:17 p.m.10 views

CVE-2026-6062

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 2:17 p.m.9 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

8.8CVSS0.00361EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/22 1:40 p.m.10 views

EUVD-2026-38250

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:46 p.m.10 views

EUVD-2026-38235

The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...

9.4CVSS6AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 12:46 p.m.34 views

CVE-2026-7165 Multiple vulnerabilities in the Assassin game by Gaudire

The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...

9.4CVSS0.0029EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:17 p.m.11 views

EUVD-2026-38227

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS5.9AI score0.00361EPSS
Exploits0References5
Rows per page
Query Builder