
11887 matches found

Nuclei
added 15 hours ago | 31 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

CVSS 9.8 | AI score 7.4 | EPSS 0.04342
Exploits: 1 | References: 2
Nuclei
added 15 hours ago | 17 views

Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

CVSS 9.1 | AI score 7.2 | EPSS 0.01461
Exploits: 1 | References: 2
Nuclei
added 15 hours ago | 11 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

CVSS 6.9 | AI score 5.9 | EPSS 0.00635
Exploits: 1 | References: 2
EUVD
added yesterday | 5 views

EUVD-2026-41214

Craft CMS: Authorship spoofing in entries/save-entry via pre-check/post-mutation authorization gap...

CVSS 7.6 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 3
EUVD
added yesterday | 4 views

EUVD-2026-41416

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS 7.1 | AI score 5.7
Exploits: 0 | References: 1
EUVD
added yesterday | 4 views

EUVD-2026-41409

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entries can submit an arbitrary id through the newAttributes request parameter. The...

CVSS 7.1 | AI score 5.9
Exploits: 0 | References: 2
OSV
added yesterday | 2 views

SUSE-SU-2026:2673-1 Security update for bind

This update for bind fixes the following issues: Security issues: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free vulnerabilit...

CVSS 9.8 | AI score 6.7 | EPSS 0.01844
Exploits: 1 | References: 14
NVD
added yesterday | 3 views

CVE-2026-57353

Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions...

CVSS 6.5
Exploits: 0 | References: 1
NVD
added yesterday | 3 views

CVE-2026-27404

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions...

CVSS 7.1
Exploits: 0 | References: 1
Cvelist
added yesterday | 31 views

CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart <= 5.9.0 versions...

CVSS 8.5
Exploits: 0 | References: 1
ATTACKERKB
added yesterday | 5 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 2
CVE
added yesterday | 8 views

CVE-2026-57684

CVE-2026-57684 describes a Cross Site Scripting (XSS) vulnerability in WordPress TheFox theme (versions

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1
Cvelist
added yesterday | 24 views

CVE-2026-57669 WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions...

CVSS 6.5
Exploits: 0 | References: 1
Cvelist
added yesterday | 25 views

CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions...

CVSS 6.5
Exploits: 0 | References: 1
Cvelist
added yesterday | 27 views

CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions...

CVSS 7.1
Exploits: 0 | References: 1
Cvelist
added yesterday | 24 views

CVE-2026-27404 WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions...

CVSS 7.1
Exploits: 0 | References: 1
Patchstack
added yesterday | 4 views

WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability

CSRF to Account Takeover vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions <= 5.9.9.7...

CVSS 8.8 | AI score 5.8
Exploits: 0 | Affected Software: 1
Patchstack
added yesterday | 7 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Ninja Forms File Uploads Extension versions <= 3.3.29...

CVSS 7.5 | AI score 5.8 | EPSS 0.00522
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added yesterday | 7 views

ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

AI score 5.4 | EPSS 0.00156
Exploits: 0
NVD
added yesterday | 6 views

CVE-2026-55794

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

CVSS 8.7 | EPSS 0.00293
Exploits: 0 | References: 2