Lucene search
K

2762 matches found

RedhatCVE
RedhatCVE
added 2026/05/12 8:20 a.m.7 views

CVE-2026-42452

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

8.1CVSS5.7AI score0.00306EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.31 views

CVE-2026-5028 Eight Day Week Print Workflow <= 1.2.6 - Authenticated (Subscriber+) SQL Injection via 'title' Parameter

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.6 views

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.26 views

PT-2026-39952

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.6 views

sealed-env 信息泄露漏洞

Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/10 4:21 a.m.103 views

Exploit for CVE-2025-4396

CVE-2025-4396 Exploit: Relevanssi SQL Injection Time-Based...

7.5CVSS5.9AI score0.02626EPSS
Exploits2
CVE
CVE
added 2026/05/07 2:59 a.m.12 views

CVE-2026-41660

Admidio prior to version 5.0.9 contains an inverted authorization check in two_factor_authentication.php that allows non-admin group leaders with profile edit rights on an admin account to strip that admin’s 2FA, compromising admin accounts. The issue is fixed in 5.0.9; upgrade to 5.0.9+ to mitig...

7.1CVSS5.7AI score0.00297EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 8:42 p.m.7 views

GHSA-9PQ7-MFWH-XX2J phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Summary The /admin/check endpoint in AuthenticationController implements SkipsAuthenticationCheck, making it reachable without any prior authentication. An anonymous attacker Bob can POST arbitrary user-id and token values to brute-force any user's 6-digit TOTP code. No rate limiting exists. The...

9.1CVSS6.1AI score0.00339EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.10 views

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/06 11:59 a.m.74 views

mssql_timebased_SQLI

No d...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-41366

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An unauthenticated SQL injection exists in the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods. The issue occurs when unsanitized User-Agent headers are interpolated into...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References13
EUVD
EUVD
added 2026/05/05 12:28 p.m.8 views

EUVD-2026-27311

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/05 10:33 a.m.11 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/05 10:27 a.m.11 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...

7.5CVSS5.9AI score0.00328EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/05 10:25 a.m.10 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...

7.5CVSS5.9AI score0.00304EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37308

Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 Description An authorization bypass exists because the PageSecurityCheckAttribute is implemented as a ResultFilterAttribute, which executes after the page handler completes. Consequently, any...

8.8CVSS6.1AI score0.00488EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37249

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-6457

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geomashupnullfields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.5 views

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
Rows per page
Query Builder