103 matches found

Vulnrichment
added 2026/06/02 10:22 p.m., 12 views

CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

CVSS 7.1 | AI score 5.7 | EPSS 0.00206
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/26 8:14 p.m., 12 views

CVE-2026-24546

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

CVSS 5.3 | AI score 5.8 | EPSS 0.00295
Exploits: 0 | References: 1

NVD
added 2026/03/27 3:16 p.m., 7 views

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

CVSS 7.2 | EPSS 0.00537
Exploits: 0 | References: 1

Patchstack
added 2026/03/20 5:39 p.m., 10 views

WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Supakiad S. m3ez in WordPress Plugin RegistrationMagic versions <= 6.0.7.6...

CVSS 7.5 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | Affected Software: 1

EUVD
added 2026/03/18 12:30 a.m., 4 views

EUVD-2026-12645

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources...

CVSS 7.5 | AI score 5.8 | EPSS 0.00519
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/17 9:53 p.m., 1 views

CVE-2026-1376 IBM i Denial of Service

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources...

CVSS 7.5 | AI score 5.8 | EPSS 0.00519
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/17 12:0 a.m., 9 views

PT-2026-25952

CVE-2026-1376 IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources. https://t.co/NS8gmSThkr...

CVSS 7.5 | AI score 5.8 | EPSS 0.00519
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/11 4:7 p.m., 5 views

CVE-2025-12555

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD...

CVSS 4.3 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/03/10 6:18 p.m., 6 views

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

CVSS 6.6 | AI score 6.7 | EPSS 0.00632
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/06 7:54 a.m., 5 views

CVE-2026-27348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography photography allows DOM-Based XSS. This issue affects Photography: from n/a through 7.7.6...

CVSS 7.1 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 1

CVE
added 2026/03/05 5:53 a.m., 13 views

CVE-2026-27348

CVE-2026-27348 affects ThemeGoods Photography (WordPress theme). The issue is an improper neutralization of input during web page generation, enabling DOM-based XSS. Affected: Photography theme versions before 7.7.6 (per CVE entry; related sources reference Photography ≤ 7.6.x/7.7.6). Impact is D...

CVSS 7.1 | AI score 5.2 | EPSS 0.00191
Exploits: 0 | References: 1

EUVD
added 2026/02/04 8:52 p.m., 4 views

EUVD-2024-55395

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 on CP4D 4.8, 7.7 on CP4D 5.0, and 7.8 on CP4D 5.1 do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service...

CVSS 5.3 | AI score 5.7 | EPSS 0.00293
Exploits: 0 | References: 1

Patchstack
added 2026/02/02 8:26 a.m., 8 views

WordPress WPBakery Page Builder plugin <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute vulnerability discovered by wesley wcraft in WordPress Plugin WPBakery Page Builder versions <= 7.6...

CVSS 6.4 | AI score 5.3 | EPSS 0.00305
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/12/19 7:32 a.m., 4 views

CVE-2025-64206

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...

CVSS 9.8 | AI score 7 | EPSS 0.00386
Exploits: 0 | References: 1

EUVD
added 2025/12/18 9:30 a.m., 5 views

EUVD-2025-204084

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...

CVSS 9.8 | AI score 6.5 | EPSS 0.00386
Exploits: 0 | References: 2

NVD
added 2025/12/18 8:16 a.m., 5 views

CVE-2025-64206

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...

CVSS 9.8 | EPSS 0.00386
Exploits: 0 | References: 1

CVE
added 2025/12/18 7:22 a.m., 16 views

CVE-2025-64205

CVE-2025-64205 affects WordPress Jannah theme versions up to and including 7.6.0. The issue is an improper control of filename for include/require, enabling PHP Local File Inclusion (LFI). The CVSS 3.1 base score is 8.2 (HIGH) with network attack vector, low attack complexity, no privileges requi...

CVSS 8.1 | AI score 6.7 | EPSS 0.00344
Exploits: 0 | References: 1

Cvelist
added 2025/12/18 7:22 a.m., 26 views

CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS. This issue affects Jannah: from n/a through <= 7.6.0...

CVSS 7.1 | EPSS 0.0018
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 5 views

PT-2025-52161

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...

AI score 7 | EPSS 0.00386
Exploits: 0 | References: 2

Patchstack
added 2025/12/11 11:46 p.m., 13 views

WordPress Donation plugin <= 1.0 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated (Admin+) SQL Injection vulnerability discovered by Yousof Nahya in WordPress Plugin Donation versions <= 1.0...

CVSS 4.1 | AI score 7.8 | EPSS 0.00222
Exploits: 1 | References: 1 | Affected Software: 1