
82 matches found

NVD
added 4 days ago | 8 views

CVE-2026-57949

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1 CVSS | 0.00231 EPSS
Exploits 0 | References 3
EUVD
added 4 days ago | 6 views

EUVD-2026-40166

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits 0 | References 3
Vulnrichment
added 4 days ago | 7 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits 0 | References 3
CVE
added 4 days ago | 7 views

CVE-2026-57949

ruoyi-vue-pro (through 2026.05) contains a missing authorization vulnerability in the CRM module’s GET /admin-api/crm/follow-up-record/get endpoint. The issue allows an authenticated user to read any follow-up record by iterating sequential numeric IDs, exfiltrating follow-up notes, file attachme...

7.1 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits 0 | References 3
Cvelist
added 4 days ago | 30 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1 CVSS | 0.00231 EPSS
Exploits 0 | References 3
CVE
added 2026/06/25 8:1 p.m. | 17 views

CVE-2026-7531

CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...

9.8 CVSS | 5.9 AI score | 0.00346 EPSS
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/06/25 12:0 a.m. | 8 views

PT-2026-52577

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8 CVSS | 5.9 AI score | 0.00346 EPSS
Exploits 0 | References 5
NVD
added 2026/05/13 4:16 p.m. | 24 views

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5 CVSS | 0.0016 EPSS
Exploits 0 | References 1
GithubExploit
added 2026/01/27 1:56 p.m. | 750 views

Exploit for CVE-2026-21509

🛡️ CVE-2026-21509 — Microsoft Office Zero-Day ...

9.3 CVSS | 7.7 AI score | 0.99945 EPSS
Exploits 43
GithubExploit
added 2026/01/24 4:18 a.m. | 164 views

exploitRag-FullStack

ExploitRAG - RAG-based Cybersecurity Chat System A production...

6.4 AI score
Exploits 0
EUVD
added 2025/12/12 5:21 p.m. | 8 views

EUVD-2025-203103

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up...

7.5 CVSS | 6.5 AI score | 0.65592 EPSS
Exploits 10 | References 7
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2023-37482

Malicious code in bioql PyPI...

7.1 CVSS | 7 AI score | 0.00382 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-8198

Malicious code in bioql PyPI...

7.1 CVSS | 9.2 AI score | 0.00345 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-37479

Malicious code in bioql PyPI...

8.8 CVSS | 9 AI score | 0.00248 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/09/30 12:0 a.m. | 2 views

CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

6.6 AI score | 0.00648 EPSS
Exploits 1 | References 2
Vulnrichment
added 2025/08/25 5:52 p.m. | 2 views

CVE-2025-57811 Craft Potential Remote Code Execution via Twig SSTI

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

8.6 CVSS | 8.1 AI score | 0.00805 EPSS
Exploits 0 | References 3
CVE
added 2025/08/25 5:52 p.m. | 26 views

CVE-2025-57811

Craft CMS vulnerability CVE-2025-57811 is a remote code execution via Twig SSTI affecting Craft 4.x (4.0.0-RC1 through 4.16.5) and 5.x (5.0.0-RC1 through 5.8.6). The issue stems from Twig SSTI and is a follow-up to CVE-2024-52293. Affected versions are patched in Craft 4.16.6 and 5.8.7. If you ru...

8.6 CVSS | 7.1 AI score | 0.00805 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/08/25 5:52 p.m. | 7 views

CVE-2025-57811 Craft Potential Remote Code Execution via Twig SSTI

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

8.6 CVSS | 0.00805 EPSS
Exploits 0 | References 3
Cvelist
added 2025/03/26 2:24 p.m. | 12 views

CVE-2025-23460 WordPress RWS Enquiry And Lead Follow-up plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhizomaticweb RWS Enquiry And Lead Follow-up rws-enquiry allows Reflected XSS. This issue affects RWS Enquiry And Lead Follow-up: from n/a through <= 1.0...

7.1 CVSS | 0.00345 EPSS
Exploits 0 | References 1
Patchstack
added 2025/03/18 10:53 a.m. | 3 views

WordPress RWS Enquiry And Lead Follow-up plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Mika in WordPress Plugin RWS Enquiry And Lead Follow-up versions <= 1.0...

7.1 CVSS | 7.7 AI score | 0.00345 EPSS
Exploits 0 | Affected Software 1