Lucene search
+L

13727 matches found

cve
cve
added 3 hours ago5 views

CVE-2026-12510

The vulnerability affects the AI Engine WordPress plugin prior to 3.5.5 . It arises from a missing ownership verification for a client-supplied chatbot conversation identifier, enabling subscriber-level users to read other users’ private conversations and potentially take over their conversation ...

6.1AI score
Exploits0References1
cve
cve
added 9 hours ago19 views

CVE-2026-23538

The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast >=0.1...

7.5CVSS6.1AI score
Exploits0References3
euvd
euvd
added 9 hours ago8 views

EUVD-2026-44838

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS6.1AI score
Exploits0References3
cve
cve
added yesterday6 views

CVE-2026-52888

NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...

6.8CVSS6.1AI score0.00048EPSS
Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44744

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added yesterday19 views

CVE-2026-56687

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS
Exploits0References1
nvd
nvd
added yesterday6 views

CVE-2026-62294

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS
Exploits0References4
cve
cve
added yesterday5 views

CVE-2026-62294

Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...

5.1CVSS6.1AI score
Exploits0References4
nvd
nvd
added yesterday7 views

CVE-2026-57833

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS0.00418EPSS
Exploits0References1
attackerkb
attackerkb
added yesterday4 views

CVE-2026-57833

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS6.1AI score0.00418EPSS
Exploits0References2Affected Software1
nuclei
nuclei
added yesterday10 views

phpVMS < 7.0.6 - Legacy Importer Authorization Bypass

phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...

9.4CVSS6.1AI score0.01173EPSS
Exploits1References3
euvd
euvd
added yesterday4 views

EUVD-2026-44523

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS6.1AI score0.00163EPSS
Exploits0References2
nvd
nvd
added 2 days ago6 views

CVE-2026-48312

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS0.00163EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago3 views

CVE-2026-48312

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS6.1AI score0.00163EPSS
Exploits0References2
talosblog
talosblog
added 2 days ago5 views

Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for July 2026, which includes 622 vulnerabilities affecting a range of products, including 57 that Microsoft marked as "critical." Microsoft notes that two of the vulnerabilities disclosed this month have been exploited in the wild. CVE-2026-5615...

9.9CVSS7.6AI score0.1972EPSS
Exploits0
nvd
nvd
added 2 days ago3 views

CVE-2026-47996

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.6CVSS0.18502EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago30 views

CVE-2026-47998 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control...

5.9CVSS0.00612EPSS
Exploits0References1
cve
cve
added 2 days ago10 views

CVE-2026-48252

Adobe Experience Manager is affected by CVE-2026-48252 (Missing Authentication for Critical Function, CWE-306). An attacker could bypass security measures and gain unauthorized write access without user interaction. The vulnerability has a CVSS v3.1 score of 8.6 (Network, Low attack complexity, N...

8.6CVSS6.1AI score0.00434EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago2 views

CVE-2026-47304

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS6.1AI score0.00201EPSS
Exploits0References2Affected Software9
nvd
nvd
added 2 days ago7 views

CVE-2026-58638

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

6CVSS0.00232EPSS
Exploits0References1
Rows per page
Query Builder