Lucene search
+L

5083 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-57797

Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through = 4.5.1...

4.3CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-57781

Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through = 1.25.10...

5.3CVSS0.00285EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-57740

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 6 days ago4 views

CVE-2026-57729

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through = 3.20.5...

7.5CVSS0.00287EPSS
Exploits0References1
NVD
NVD
added 6 days ago4 views

CVE-2026-57727

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00287EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-57694

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...

6.5CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 6 days ago3 views

CVE-2026-57406

Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through = 1.7.6...

6.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 6 days ago3 views

CVE-2026-57412

Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through = 4.6.9...

6.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 6 days ago3 views

CVE-2026-57405

Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...

7.1CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago3 views

CVE-2026-61983

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS6.1AI score0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/07/11 2:16 p.m.8 views

CVE-2026-61439

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/07/11 1:1 p.m.21 views

CVE-2026-61439

Summary: CVE-2026-61439 affects PraisonAI

8.7CVSS6.1AI score0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/11 1:1 p.m.36 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/07/11 1:1 p.m.5 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/11 1:1 p.m.18 views

EUVD-2026-43179

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/10 4:31 a.m.9 views

EUVD-2026-42795

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS5.9AI score0.00268EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/09 8:51 a.m.10 views

EUVD-2026-42552

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 8:16 p.m.7 views

CVE-2026-59804

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS0.00213EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 7:42 p.m.19 views

CVE-2026-59804

Midscene Bridge Server (affected: 1.10.3 and earlier) has a missing authentication and CORS misconfiguration that permits unauthenticated remote hijacking of active bridge sessions via a cross-origin WebSocket to the local Socket.IO server. The server does not validate Origin headers and requires...

7.6CVSS6AI score0.00213EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/08 4:38 p.m.7 views

Apache Tomcat: Apache Tomcat: Authentication bypass due to CLIENT_CERT soft fail misconfiguration

A flaw was found in Apache Tomcat and Apache Tomcat Native. When CLIENTCERT authentication is configured with "soft fail" disabled, the authentication process may not correctly fail in certain scenarios. This vulnerability could allow an attacker to bypass expected client certificate...

9.1CVSS6AI score0.00715EPSS
Exploits2References5
Rows per page
Query Builder