Lucene search
+L

17887 matches found

EUVD
EUVD
added 2026/07/11 5:35 a.m.10 views

EUVD-2026-43152

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/11 5:35 a.m.36 views

CVE-2026-10865 Cost Calculator Builder <= 4.0.11 - Unauthenticated Sensitive Information Exposure of Payment Gateway Secret Keys

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS0.0037EPSS
Exploits0References10
Nuclei
Nuclei
added 2026/07/11 12:22 a.m.103 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10CVSS7.1AI score0.98253EPSS
Exploits54References5
Nuclei
Nuclei
added 2026/07/11 12:22 a.m.26 views

Citrix NetScaler ADC and NetScaler Gateway - Remote Code Execution

critical unauthenticated remote code execution RCE vulnerability affecting Citrix ADC NetScaler ADC and Citrix Gateway appliances configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server. Exploitation can lead to arbitrary code execution. id: CVE-2023-3519 info...

9.8CVSS7.6AI score0.99445EPSS
Exploits16References3
NVD
NVD
added 2026/07/10 10:16 a.m.8 views

CVE-2026-11990

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00342EPSS
Exploits0References12
CVE
CVE
added 2026/07/10 9:32 a.m.11 views

CVE-2026-11990

The CVE-2026-11990 entry affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin, specifically versions up to and including 4.4.0. The root issue is missing authorization checks for actions, allowing unauthenticated attackers to mark arbitrary pending appointments as Conf...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/10 9:32 a.m.10 views

EUVD-2026-42864

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/07/10 9:32 a.m.8 views

CVE-2026-11990

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References13
NVD
NVD
added 2026/07/09 11:17 p.m.10 views

CVE-2026-44342

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS0.00189EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 11:17 p.m.7 views

CVE-2026-33655

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS0.00442EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:3 p.m.8 views

CVE-2026-33801

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service DoS...

7.1CVSS5.9AI score0.00281EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/07/09 9:3 p.m.20 views

CVE-2026-33801

CVE-2026-33801 affects Juniper Networks Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker can trigger a Denial-of-Service by sending a specifically malformed non-inet/inet6 unicast BGP update over an established BGP session, causing the Routing Protocol Daemon (RPD) to crash an...

7.1CVSS5.9AI score0.00281EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/09 9:3 p.m.9 views

EUVD-2026-42702

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service DoS...

7.1CVSS5.9AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 7:8 p.m.8 views

CVE-2026-0279

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS5.4AI score0.0061EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/07/09 11:16 a.m.10 views

CVE-2026-9027

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS0.00222EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/09 9:31 a.m.31 views

CVE-2026-9028 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Missing Authorization to Unauthenticated Arbitrary Order Cancellation via 'order_number' Parameter

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...

5.3CVSS0.00288EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/08 10:38 p.m.5 views

Injection

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Injection in the MQTT SUBSCRIBE handling, which forwards protocol control characters from...

7.1CVSS6.2AI score0.00441EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 7:32 p.m.33 views

CVE-2026-59822 LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...

8.8CVSS0.00243EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 7:32 p.m.3 views

CVE-2026-59822 LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...

8.8CVSS6.1AI score0.00243EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 5:17 p.m.10 views

CVE-2026-59897

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

5.3CVSS0.00126EPSS
Exploits0References3
Rows per page
Query Builder