Lucene search
K

21929 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/08 7:43 a.m.2 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/08 3:38 a.m.8 views

kernel: smc: Fix use-after-free in __pnet_find_base_ndev()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...

5.7AI score0.0017EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31451

FrontMCP is a TypeScript-first framework for the Model Context Protocol MCP. Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...

7.5CVSS5.9AI score0.00319EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31110

Name of the Vulnerable Software and Affected Versions The Awesome Support – WordPress HelpDesk & Support Plugin versions up to and including 6.3.7 Description The Awesome Support – WordPress HelpDesk & Support Plugin is susceptible to an Insecure Direct Object Reference issue. The wpas get ticket...

5.3CVSS5.7AI score0.00327EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006654 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to...

4.7CVSS5.8AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31307

Name of the Vulnerable Software and Affected Versions Wimi Teamwork On-Premises versions prior to 8.2.0 Description Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference issue in the /preview.php endpoint. The item id parameter does not have sufficient...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

frontmcp 代码问题漏洞

FrontMCP is an open-source MCP server development framework based on TypeScript, created by AgentFront. Versions of FrontMCP prior to 2.3.0 had code-related vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on URL reference resolution, which could lead to server-side...

7.5CVSS5.8AI score0.00319EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006603 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput inputdev name Reference the HID devic...

7.8CVSS5.8AI score0.00153EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.0 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006827)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006827 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routin...

5.5CVSS6.3AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/07 11:29 p.m.7 views

SUSE CVE-2026-5663

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible...

9.8CVSS5.5AI score0.01721EPSS
Exploits0References3
Circl
Circl
added 2026/04/07 11:21 p.m.2 views

CVE-2026-34079

creationtimestamp| type| source ---|---|--- 2026-04-07 23:21:06+00:00| seen| Telegram/WwaVaWmCpWfeYuJ8P8IqcUlHCUAeEgjmrCmKGvAa3A2q2J0 2026-04-08 01:31:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mix5holkl323 2026-04-10 14:32:09+00:00| seen|...

8.7CVSS4.7AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 8:0 p.m.1 views

MINI-M8JJ-632G-59CQ

Bulletin has no description...

6.5CVSS5.7AI score0.00435EPSS
Exploits0
Circl
Circl
added 2026/04/07 7:35 p.m.3 views

CVE-2026-39334

creationtimestamp| type| source ---|---|--- 2026-04-07 19:35:33+00:00| seen| Telegram/MwNatB1kDaoxbSrZihFWwC12FE1HreAtxbr2hmQcZTjcFY 2026-04-07 19:41:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwjwwb6ct2q 2026-04-08 07:59:58+00:00| seen|...

8.8CVSS4.8AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/07 4:7 p.m.6 views

EUVD-2026-19734

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...

6.9CVSS6AI score0.00304EPSS
Exploits2References1
OSV
OSV
added 2026/04/07 2:45 p.m.2 views

MINI-VR23-PV7M-VV59

Bulletin has no description...

5.3CVSS6.7AI score0.00473EPSS
Exploits0
EUVD
EUVD
added 2026/04/07 9:31 a.m.5 views

EUVD-2026-19580

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

8.8CVSS6AI score0.00632EPSS
Exploits1References7
NVD
NVD
added 2026/04/07 7:16 a.m.8 views

CVE-2026-5465

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

8.8CVSS0.00632EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/07 6:43 a.m.25 views

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

8.8CVSS0.00632EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/07 6:43 a.m.11 views

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

8.8CVSS6AI score0.00632EPSS
Exploits1References6
CVE
CVE
added 2026/04/07 6:43 a.m.26 views

CVE-2026-5465

Summary (technical): The Amelia Booking for Appointments and Events Calendar WordPress plugin (versions ≤ 2.1.3) is affected by an Insecure Direct Object Reference (IDOR) in the UpdateProviderCommandHandler. The handler does not validate ownership when a Provider (Employee) user updates their pro...

8.8CVSS6AI score0.00632EPSS
Exploits1References6
Rows per page
Query Builder