Lucene search
K

4777 matches found

Nuclei
Nuclei
added yesterday29 views

Navidrome <=0.54.5 - Authentication Bypass in Subsonic API

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.1AI score0.00936EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday10 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

5.3CVSS6.8AI score0.00909EPSS
Exploits0References3
CVE
CVE
added 2 days ago10 views

CVE-2025-13475

CVE-2025-13475 describes cross-tenant data exposure in multi-tenant deployments due to mis-isolation of consent scopes in the application consent management mechanism. A user’s consent for a SaaS application in one tenant could be incorrectly applied to similarly named applications in other tenan...

3.5CVSS5.9AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41556

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-8079

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-9272 Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-9272

CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
NVD
NVD
added 5 days ago9 views

CVE-2026-5120

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user...

8.1CVSS0.00179EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40956

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-1239

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS0.0026EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-58448

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...

7.1CVSS0.00235EPSS
Exploits0References3
OSV
OSV
added last week5 views

PYSEC-2026-394 llama_index vulnerable to SQL Injection

Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...

9.8CVSS7.4AI score0.00581EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39958

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability enables a local attacker to...

3.7CVSS5.8AI score0.0037EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38673

The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and localized to any...

4.3CVSS5.9AI score0.00215EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/23 3:17 p.m.8 views

EUVD-2025-210310

HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51525

Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to view data in a single specific scenario. Recommendations At the moment, there is no information about a newer version that...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 12:46 p.m.15 views

CVE-2026-7165

CVE-2026-7165 affects the Assassin game by Gaudire. The vulnerability is in the /addJugador endpoint and involves multiple issues: keyJugador and keyJugadorObjectiu allow unauthorized modification of other users’ data; punts and numObjectiusEliminats accept arbitrary data enabling falsified prize...

9.4CVSS6AI score0.0029EPSS
Exploits0References1
Rows per page
Query Builder