Lucene search
+L

23184 matches found

cve
cve
added yesterday24 views

CVE-2026-49998

CVE-2026-49998 describes a cross-issuer JWT authentication bypass in Centrifugo prior to v6.8.1 caused by the JWKS cache and singleflight lookup being keyed only by the JWT header kid. The JWKS URL is resolved later from tokenVars to a per-tenant endpoint, but caches (and TTL) and the in-flight f...

8.2CVSS6.1AI score
Exploits0References4
nuclei
nuclei
added yesterday95 views

WordPress Metform <=2.1.3 - Information Disclosure

WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the /core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA...

7.5CVSS7AI score0.09699EPSS
Exploits2References5
nuclei
nuclei
added yesterday30 views

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

9.8CVSS7.3AI score0.70947EPSS
Exploits1References2
nuclei
nuclei
added yesterday47 views

Adlisting Classified Ads 2.14.0 - Information Disclosure

Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects. id: CVE-2023-4168 info: name: Adlisting Classified Ads 2.14.0 - Information Disclosure autho...

7.5CVSS6.3AI score0.36205EPSS
Exploits4References5
nuclei
nuclei
added yesterday19 views

Gotenberg - Command Injection

Gotenberg 8.31.0 contains a command injection caused by lack of validation on JSON metadata keys in /forms/pdfengines/metadata/write endpoint, letting unauthenticated attackers execute OS commands, exploit requires crafted HTTP request. id: CVE-2026-42589 info: name: Gotenberg - Command Injection...

9.8CVSS6.1AI score0.0295EPSS
Exploits2References3
nuclei
nuclei
added yesterday248 views

Mlflow <2.9.2 - Path Traversal

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. id: CVE-2023-6909 info: name: Mlflow 2.9.2 - Path Traversal author: Hyunsoo-ds severity: high description: | Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. impact: | Successful...

7.5CVSS7AI score0.89716EPSS
Exploits1References3
nuclei
nuclei
added yesterday205 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7AI score0.03757EPSS
Exploits1
nuclei
nuclei
added yesterday94 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
cve
cve
added yesterday9 views

CVE-2026-12525

CVE-2026-12525 affects the Redux Framework WordPress plugin prior to 4.5.13. The vulnerability arises because the plugin does not restrict which user_meta keys can be written when saving custom profile fields, enabling users with at least the Subscriber role to escalate to Administrator while upd...

8.8CVSS6.1AI score0.00144EPSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44875

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

8.8CVSS6.1AI score0.00144EPSS
Exploits0References1
redhatcve
redhatcve
added yesterday4 views

CVE-2026-15075

A flaw was found in Eclipse Vert.x. The DefaultRedirectHandler in vertx-core improperly handles HTTP 30x redirects by propagating all request headers, including sensitive authentication and session credentials, to cross-origin redirect destinations. An attacker can exploit this by redirecting a...

8.2CVSS6AI score0.00141EPSS
Exploits0References4
nvd
nvd
added 3 days ago8 views

CVE-2026-48806

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

7.1CVSS0.00238EPSS
Exploits0References3
cvelist
cvelist
added 3 days ago36 views

CVE-2026-48806 Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

7.1CVSS0.00238EPSS
Exploits0References3
cve
cve
added 3 days ago31 views

CVE-2026-48806

Twig’s vulnerability CVE-2026-48806 concerns dynamic mapping keys in ArrayExpression not being wrapped for string coercion, allowing PHP to call __toString() on a Stringable key without SandboxExtension::ensureToStringAllowed(). The issue affects Twig

7.1CVSS6.1AI score0.00238EPSS
Exploits0References3
cve
cve
added 3 days ago5 views

CVE-2026-15637

CVE-2026-15637 affects Devolutions Server 2026.2.11 and 2026.1.22: improper authorization in the PAM SSH key and certificate retrieval endpoints allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the...

7.5CVSS6.1AI score0.00192EPSS
Exploits0References1
nvd
nvd
added 3 days ago6 views

CVE-2026-60114

Sustainable Irrigation Platform SIP through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths...

8.7CVSS0.00303EPSS
Exploits2References2
osv
osv
added 3 days ago3 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS6.2AI score0.00141EPSS
Exploits0References4
cvelist
cvelist
added 3 days ago26 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS0.00141EPSS
Exploits0References1
redhatcve
redhatcve
added 3 days ago7 views

CVE-2026-59869

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References8
nvd
nvd
added 3 days ago12 views

CVE-2026-44770

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
Rows per page
Query Builder