Lucene search
K

1700 matches found

Nuclei
Nuclei
added yesterday12 views

WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting

Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft a malicious URL. id:...

7.1CVSS6.1AI score0.0059EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday11 views

CVE-2026-15516 MacCMS Pro Installation Index.php step5 authorization

A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a...

6.3CVSS0.00274EPSS
Exploits0References6
CVE
CVE
added 4 days ago11 views

CVE-2026-55377

Technical details about CVE-2026-55377 are not publicly available in the provided documents. Monitor for updates.

8.1CVSS6.1AI score0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS0.00259EPSS
Exploits0References4
Chainguard
Chainguard
added 5 days ago6 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-dms-fips, omni, dapr-fips, crossplane-provider-aws-acmpca, thanos-operator-fips, kubernetes-csi-external-attacher-fips, victoriametrics-fips, mapotf-fips, chainctl-fips, cerbos, secretgen-controller, k6-fips, goldilocks-fips, k9s-fips,...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2026/07/03 7:53 a.m.40 views

CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References10
CVE
CVE
added 2026/07/03 7:53 a.m.17 views

CVE-2026-11398

The CVE concerns LatePoint for WordPress, affecting all versions up to 5.6.1. It allows unauthenticated users to bypass authorization and modify PII (first name, last name, phone, notes) of any customer record by submitting a booking form with a known email when guest bookings are enabled (is_cus...

5.3CVSS6AI score0.00338EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/29 10:23 p.m.4 views

Missing Critical Step in Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can gain unauthorized access by...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 p.m.15 views

CVE-2026-57951

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 5:20 p.m.13 views

CVE-2026-57951

Summary: Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. This allows authenticated operators and spectators to read fields (step_stdout, step_stderr, step_name, ...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/29 5:20 p.m.7 views

EUVD-2026-40168

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 5:20 p.m.33 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.12 views

CVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

4.3CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:18 p.m.12 views

CVE-2026-56457

The CVE concerns HCL DevOps Deploy / HCL Launch with a vulnerability that allows exposure of sensitive information via output logs. The description notes that an attacker with access to the logs could potentially obtain sensitive values associated with a step. The Connected CVE lists confirm the ...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:18 p.m.9 views

CVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53669

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description A broken Hasura permission filter exists on the payload build step table. This issue involves an always-satisfied or condition that bypasses operation-scoped access controls. Consequently,...

7.1CVSS6AI score0.00246EPSS
Exploits0References9
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: guac, glab, crossplane-provider-azure-storage, tflint, terraform-provider-tls, cluster-api-azure-controller, ko, step, opentelemetry-collector, pulumi-language-yaml, cloud-provider-aws, spire-server, kaf, mods, nfpm, ksops, go-discover, tekton-chains,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: guac, step, opentelemetry-collector, pulumi-language-yaml, cloud-provider-aws, spire-server, kaf, nfpm, go-discover, dagger, snyk-cli, istio, openbao, step-issuer, aactl, rancher, flux-source-controller, flux, mattermost, syft, trivy, skaffold, pulumi-language-java,...

6.1AI score
Exploits0
CVE
CVE
added 2026/06/25 1:42 p.m.24 views

CVE-2026-47153

CVE-2026-47153 affects the EmberZNet stack (v9.0.2 and earlier) where a malformed Level Control Step command can terminate the process via a divide-by-zero fault. The issue requires the sender to be a device that has already joined the network and impacts devices that support the Level Control cl...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:42 p.m.35 views

CVE-2026-47153 Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
Rows per page
Query Builder