Lucene search
K

24762 matches found

Positive Technologies
Positive Technologies
added 6 days ago13 views

PT-2026-56083

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The /api/settings/database endpoint allows for full database export and import without sufficient authentication. The export function returns the complete database, including plaintext API keys in t...

9.9CVSS6.1AI score0.00685EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 2:17 a.m.9 views

CVE-2026-14691

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 1:45 a.m.42 views

CVE-2026-14691 SourceCodester Multi-Vendor Online Grocery Management System Setting SystemSettings.php update_settings_info code injection

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS0.00237EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 1:45 a.m.18 views

CVE-2026-14691

CVE-2026-14691 affects SourceCodester Multi-Vendor Online Grocery Management System 1.0. The vulnerability resides in the function update_settings_info of the file classes/SystemSettings.php (Setting Handler). Manipulating the argument content[] enables code injection. The attack is described as ...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:45 a.m.7 views

CVE-2026-14691

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/07/05 1:45 a.m.10 views

EUVD-2026-41714

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 3:16 p.m.13 views

EUVD-2026-41555

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:56 p.m.7 views

CVE-2026-58466

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:38 p.m.11 views

EUVD-2026-41421

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.4CVSS5.9AI score0.00182EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 9:47 a.m.2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS0.00272EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/02 5:35 a.m.7 views

EUVD-2026-41248

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.5 views

CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.39 views

CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS0.00272EPSS
Exploits0References12
CVE
CVE
added 2026/07/02 5:35 a.m.16 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References12
OSV
OSV
added 2026/07/02 12:0 a.m.2 views

UBUNTU-CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 6:16 p.m.3 views

DEBIAN-CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References1
Rows per page
Query Builder