Lucene search
K

10393 matches found

NVD
NVD
added 6 days ago11 views

CVE-2026-48958

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

8.8CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-48958 Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago7 views

CVE-2026-48958 Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42068

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 6 days ago17 views

CVE-2026-48958

In Joomla! Core, the CVE-2026-48958 issue is due to improper access control in the com_fields webservice endpoints, enabling unauthorized users to create custom fields via web services. Affected versions include Joomla! 4.0.x (before 5.4.7) and 6.0.x (before 6.1.2). The underlying impact is eleva...

8.8CVSS6AI score0.00262EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-48958

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References2Affected Software1
OSV
OSV
added 6 days ago6 views

PYSEC-2026-1926 Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time

Summary An inconsistency in MethodNode can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3, it i...

8.7CVSS6.6AI score0.00138EPSS
Exploits0References10
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42048

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-48891

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS0.00636EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-53647

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/getinfo API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in the...

6.9CVSS0.0042EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56262

Name of the Vulnerable Software and Affected Versions Hasura versions prior to 2.49.2 Hasura versions prior to 2.45.5 Description A flaw exists where a user can employ a where clause on a table computed field that returns SETOF some table to infer row values. This occurs even when those rows shou...

6CVSS6.1AI score0.0017EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56231

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check allows unauthorized users to create custom fields through webservices endpoints. This issue occurs within the com fields component. Recommendations At the moment...

8.8CVSS6AI score0.00262EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Joomla 4.0.x < 5.4.7 / 6.0.x < 6.1.2 Joomla 6.1.2 & 5.4.7 Security & Bugfix Release (5955-joomla-6-1-2-5-4-7-security-bugfix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 5.4.7 or 6.0.x prior to 6.1.2. It is, therefore, affected by a vulnerability. - An improper access check allows unauthorized users to create custom fields via webservices endpoints...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References14
Cvelist
Cvelist
added last week35 views

CVE-2026-53647 FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/getinfo API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in the...

6.9CVSS0.0042EPSS
Exploits1References1
CVE
CVE
added last week26 views

CVE-2026-53647

CVE-2026-53647 affects FOSSBilling 0.5.3–0.7.2 where the Guest serviceapikey/get_info endpoint is accessible without authentication. An unauthenticated caller with a valid API key can retrieve all custom_* fields stored in the key’s database record, potentially exposing pricing tiers, feature fla...

6.9CVSS5.9AI score0.0042EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added last week4 views

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

7.1CVSS6.2AI score0.00126EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 8:16 a.m.7 views

CVE-2026-11766

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 6:0 a.m.16 views

CVE-2026-11766

CVE-2026-11766 affects the Ultimate Member WordPress plugin (before 2.12.0). The vulnerability is a stored XSS in custom textarea profile fields: unescaped/sanitised values are output on user profiles, enabling an authenticated user with Subscriber-level access and above to inject JavaScript that...

8CVSS6AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 6:0 a.m.5 views

EUVD-2026-41819

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

8CVSS6AI score0.00247EPSS
Exploits0References1
Rows per page
Query Builder