Lucene search
+L

1016 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-9484

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

4.3CVSS5.5AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 1:54 p.m.13 views

EUVD-2026-34266

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.24 views

PT-2026-46238

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the dashboard widgets allows an authenticated user to manipulate the fields option to influence the data returned by the New Users and New Organisations widgets. When a requested fie...

5.3CVSS5.4AI score0.00176EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

ITPison OMICARD EDM 安全漏洞

ITPison OMICARD EDM is a high-speed electronic newspaper EDM marketing distribution system developed by the Chinese company ITPison. ITPison OMICARD EDM has a security vulnerability that stems from insecure direct object references. This vulnerability could allow unauthorized remote attackers to...

6.9CVSS5.4AI score0.00244EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 9:36 p.m.11 views

CVE-2026-40102 Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References2
OSV
OSV
added 2026/05/20 9:36 p.m.3 views

CVE-2026-40102 Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.9AI score0.00295EPSS
Exploits1References4
NVD
NVD
added 2026/05/20 7:16 a.m.20 views

CVE-2026-7385

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...

5.8CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 6:0 a.m.8 views

CVE-2026-5776 Email Encoder < 2.4.7 - Unauthenticated Stored XSS

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

5.8AI score0.00213EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/05/12 8:41 a.m.14 views

Stolen Canvas data was “returned” after hacker agreement, Instructure says

The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/07 7:41 p.m.3 views

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

7.5CVSS7.1AI score0.00798EPSS
Exploits0References25
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.34 views

CVE-2026-42499

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

7.5CVSS5.8AI score0.00798EPSS
Exploits0
CVE
CVE
added 2026/05/06 7:40 p.m.13 views

CVE-2026-40174

Masa CMS CSRF in user address management (cUsers.updateAddress) affects versions 7.5.2 and earlier. An attacker can lure a logged-in administrator into submitting forged requests to add, modify, or delete user address records (including emails and phone numbers), potentially altering contact info...

7.1CVSS5.7AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 7:40 p.m.7 views

CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

7.1CVSS5.7AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/02 1:26 p.m.5 views

EUVD-2026-26790

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.10 views

VulnCheck KEV: CVE-2026-2025

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog...

7.5CVSS5.3AI score0.01379EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.14 views

PT-2026-34062

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description The file 'git.json.php' located at the web root executes the git log -1 command and returns the full output as JSON to unauthenticated users. This leads to the exposure of the deployed commit...

5.3CVSS5.2AI score0.0025EPSS
Exploits1References4
CVE
CVE
added 2026/04/10 7:3 p.m.20 views

CVE-2026-33736

Chamilo LMS prior to version 2.0.0-RC.3 is affected by an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user (including ROLE_STUDENT) to enumerate all platform users and retrieve personal information (email, phone, roles) via GET /api/users, potentially expos...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.4 views

DSpace 7.x / 8.x XMLUI Data Extraction

This Python script sends an HTTP request to a DSpace XMLUI "discover" endpoint using specific query parameters and session cookies. It attempts to retrieve up to 100 records in XML format and saves the response locally as a raw XML dump file. After downloading the data, it performs a basic text...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/04/09 12:32 a.m.10 views

EUVD-2025-209367

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

4.3CVSS5.9AI score0.00264EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 11:16 p.m.9 views

CVE-2025-9484

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

4.3CVSS0.00264EPSS
Exploits0References3
Rows per page
Query Builder