Lucene search
+L

67 matches found

cve
cve
added 2 days ago11 views

CVE-2026-11580

The CVE covers Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin prior to 2.4.17. The root cause is a missing per-object capability check in the post-duplication AJAX action, enabling users with Contributor-level access or higher to duplicate any post (regardless of owner, post t...

5.5CVSS6.1AI score0.00189EPSS
Exploits0References1
cve
cve
added 2026/06/24 6:0 a.m.11 views

CVE-2026-9709

The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
euvd
euvd
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37580

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.8CVSS5.3AI score0.0039EPSS
Exploits0References3
cve
cve
added 2026/06/17 8:43 a.m.23 views

CVE-2026-32966

The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...

9.8CVSS5.2AI score0.0039EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/17 8:43 a.m.3 views

CVE-2026-32966 Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

7.5CVSS5.9AI score0.0039EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8240

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

6.3CVSS5.5AI score0.00195EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/01 5:3 p.m.41 views

CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS0.00222EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/21 9:11 p.m.32 views

CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

6.3CVSS0.00195EPSS
Exploits0References1
osv
osv
added 2026/05/21 9:11 p.m.2 views

CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

6.3CVSS5.9AI score0.00195EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/21 12:0 a.m.13 views

WordPress plugin Broadstreet 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References1
euvd
euvd
added 2026/05/19 10:6 p.m.17 views

EUVD-2026-30996

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References3
osv
osv
added 2026/05/15 6:36 p.m.5 views

CVE-2026-45007 phpMyFAQ - Missing Permission Check on 12 Configuration API Endpoints Allows Information Disclosure

phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATIONEDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...

5.3CVSS5.9AI score0.00221EPSS
Exploits0References4
cve
cve
added 2026/04/27 9:40 a.m.22 views

CVE-2026-40022

CVE-2026-40022 affects Apache Camel Platform HTTP Main: when authentication is enabled and a non-root context path (e.g., /api or /admin) is configured, BasicAuthenticationConfigurer/JWTAuthenticationConfigurer derive the path from properties.getPath() if explicit authenticationPath is not set. C...

8.2CVSS5.3AI score0.00622EPSS
Exploits1References6Affected Software1
redhatcve
redhatcve
added 2026/04/09 10:21 p.m.5 views

CVE-2026-34757

A flaw was found in libpng, a library used for handling PNG Portable Network Graphics image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like pnggetPLTE, by passing it back to a corresponding setter function within the same image...

5.1CVSS5.6AI score0.00195EPSS
Exploits1References8
cvelist
cvelist
added 2026/03/31 5:41 p.m.27 views

CVE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS0.00201EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/31 12:0 a.m.10 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from non-employee users having access to read receipt informati...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/03/26 3:6 p.m.6 views

CVE-2026-0602

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
nvd
nvd
added 2026/03/11 4:16 p.m.4 views

CVE-2026-0602

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS0.00243EPSS
Exploits0References3
osv
osv
added 2026/03/11 4:16 p.m.6 views

UBUNTU-CVE-2026-0602

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.7AI score0.00243EPSS
Exploits0References2
debiancve
debiancve
added 2026/03/11 4:5 p.m.7 views

CVE-2026-0602

Removed by vendor...

4.3CVSS5.8AI score0.00243EPSS
Exploits0
Rows per page
Query Builder