Lucene search
+L

4160 matches found

Nuclei
Nuclei
added 17 hours ago11 views

WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection

The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via request parameters in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

7.5CVSS7.7AI score0.02221EPSS
Exploits2References3
Nuclei
Nuclei
added 17 hours ago24 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS5.4AI score0.01786EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago54 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. id: CVE-2018-1000856 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the...

4.8CVSS4.7AI score0.01424EPSS
Exploits1References3
Cvelist
Cvelist
added 21 hours ago9 views

CVE-2026-51082

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 PVE 9.x and before 5.3.4 PVE 8.x allows an attacker with...

Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-15106

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00273EPSS
Exploits0References8
EUVD
EUVD
added yesterday8 views

EUVD-2026-44892

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6.2AI score0.00273EPSS
Exploits0References8
CVE
CVE
added yesterday10 views

CVE-2026-15106

The WPBot – AI ChatBot for Live Support WordPress plugin is vulnerable to an authorization bypass in all versions up to 8.5.6. The issue allows unauthenticated attackers to delete arbitrary chat session records from wpbot_user andwpbot_conversation by supplying a crafted userid value, indicating ...

5.3CVSS6.2AI score0.00273EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday34 views

CVE-2026-15106 WPBot <= 8.5.6 - Missing Authorization to Unauthenticated Arbitrary Chat Session Deletion via 'userid' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00273EPSS
Exploits0References8
NVD
NVD
added 2 days ago5 views

CVE-2026-52870

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enabletasks for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recordin...

7.6CVSS0.00227EPSS
Exploits0References4
NVD
NVD
added 3 days ago4 views

CVE-2026-36214

osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions...

5.4CVSS0.0033EPSS
Exploits2References6
CVE
CVE
added 3 days ago16 views

CVE-2026-15389

Sesame Time web app and its REST v3 API expose an access-control weakness in session management: USID is used as the sole validator without verifying ownership, enabling session impersonation when a valid USID is obtained. The flaw is worsened by poor session lifecycle management, as new logins g...

8.7CVSS6AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15389 Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43604

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-60096

Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description Operator session tokens are stored in plaintext within the token column of the operator sessions table. These tokens are 32-byte random hex values sent via cookies and remain valid for 24...

7.1CVSS6.1AI score
Exploits0References6
CVE
CVE
added 3 days ago5 views

CVE-2026-36214

CVE-2026-36214 — osTicket Stored XSS affects osTicket versions 1.10–1.17.7 and 1.18.0–1.18.3 due to a vulnerable Bootstrap Tooltip (3.3.4) and insufficient HTML sanitization. The attack stores a malicious JS payload in a ticket attachment and executes it when an Agent/Admin views the ticket, enab...

5.4CVSS6.3AI score0.0033EPSS
Exploits2References6
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-36214

osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions...

0.0033EPSS
Exploits2References6
NVD
NVD
added 4 days ago6 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS0.00379EPSS
Exploits0References2
CVE
CVE
added 4 days ago17 views

CVE-2026-51538

CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

0.00379EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 8:16 p.m.7 views

CVE-2026-57850

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS0.00334EPSS
Exploits0References4
Rows per page
Query Builder