Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-52118

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/29 2:29 p.m.49 views

CVE-2026-4290 WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

9.1CVSS0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:49 p.m.8 views

CVE-2026-44554

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/07 2:25 a.m.5 views

GHSA-6W2R-CFPC-23R5 AVideo has Unauthenticated IDOR - Playlist Information Disclosure

Product: AVideo https://github.com/WWBN/AVideo Version: Latest tested March 2026 Type: Insecure Direct Object Reference IDOR Auth Required: No User Interaction: None Summary The /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.5 views

CVE-2025-15563

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here...

5.3CVSS5.5AI score0.00257EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-40327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on...

5.9CVSS6.3AI score0.01194EPSS
Exploits0References2
Rows per page
Query Builder