Lucene search
K

9533 matches found

Nuclei
Nuclei
added yesterday23 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.1AI score0.00713EPSS
Exploits1
NVD
NVD
added 2 days ago4 views

CVE-2026-15642

Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclud...

3.3CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-15747

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

9.1CVSS0.00152EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-15642

Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclud...

0.00149EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-15642

The CVE-2026-15642 issue affects Devolutions Server (2026.1.22.0 and 2026.2.11.0), specifically the Recovery Kit response file generation feature. The root cause is the insertion of sensitive data into a generated response file, which allows an attacker with access to that file to extract the Azu...

3.3CVSS6.1AI score0.00149EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2 days ago6 views

CVE-2026-15747

CVE-2026-15747 affects Mojolicious on Perl: versions 4.59 up to (but excluding) 9.48 expose a stable CSRF token representation to a BREACH compression oracle. _csrf_token caches a single per-session token and _csrf_field outputs it in a hidden input; when a response includes attacker-controlled i...

9.1CVSS6.1AI score0.00152EPSS
Exploits0References3
CVE
CVE
added 2 days ago5 views

CVE-2026-9653

The vulnerability CVE-2026-9653 affects Rockwell Automation 1756-EN2, EN3, and ENBT communication modules. It stems from improper validation of CIP Implicit Connection packets, enabling network-remote denial-of-service when an attacker sends crafted packets; device connections recover immediately...

8.7CVSS6.1AI score0.00178EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago17 views

PSW Front-end Login & Registration 1.13 - Weak Password Recovery

PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. id: CVE-2025-47646 info: name: PSW...

9.8CVSS7AI score0.21914EPSS
Exploits3References5
NVD
NVD
added 3 days ago3 views

CVE-2026-57698

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-57697

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-57697 WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-57697

The CVE-2026-57697 entry concerns the WordPress ProfileGrid plugin (Metagauss) ≤ 5.9.9.6, where an Authentication Bypass via an Alternate Path or Channel allows Password Recovery Exploitation. The NVD entries describe a vulnerable component (ProfileGrid) with a base score of 7.5 (HIGH) per CVSS 3...

7.5CVSS6.1AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-57698

CVE-2026-57698 affects the WordPress plugin Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), with versions up to and including 1.1.12. The issue is an Authentication Bypass/Authentication Abuse via an alternate path or channel, enabling unauthorized access as described in th...

6.5CVSS6.1AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-43230

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-15479

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS0.00278EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43201

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-15479 H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS0.00278EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-15479

The vulnerability CVE-2026-15479 affects H3C NX15 V100R017. The vulnerable component is the Administrator Password Modification Endpoint, specifically the change_passwd function at /api/login/modify. Manipulating the newPass parameter results in weak password recovery. The issue can be exploited ...

7.5CVSS6.6AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57554

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient verification during the email change process allows an attacker with access to a valid session cookie or an authenticated browser to change the account email address. This occurs becaus...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References8
Rows per page
Query Builder