Lucene search
K

656 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-31957

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

5.7CVSS5.5AI score0.00095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-6400

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.3AI score0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 2:39 p.m.10 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS5.8AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 11:5 a.m.12 views

CVE-2026-42000

A flaw was found in pdns. This vulnerability, stemming from insufficient validation of names during an Asynchronous Zone Transfer AXFR, allows a remote attacker to compromise the integrity of DNS data. By sending specially crafted requests, an attacker could potentially poison DNS caches or make...

8.6CVSS5.8AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Qualcomm Chipsets 访问控制错误漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. Qualcomm Chipsets contain an access control vulnerability, which stems from encryption issues during the processing of partition table entries. This vulnerability may allow unauthorized modification...

7.1CVSS5.3AI score0.00062EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.15 views

PT-2026-45169

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 6:59 p.m.15 views

CVE-2026-34127 Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS5.6AI score0.00239EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/29 5:22 p.m.11 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send route. An attacker can perform unauthorized privileged actions by leveraging inherited external routes to bypass required scope checks, enabling...

8.8CVSS5.5AI score0.00253EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/23 8:12 a.m.14 views

CVE-2026-34908

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...

10CVSS5.7AI score0.02452EPSS
Exploits2References1
NVD
NVD
added 2026/05/22 2:16 a.m.39 views

CVE-2026-34908

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...

10CVSS0.02452EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/05/22 12:43 a.m.21 views

CVE-2026-34908

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...

10CVSS5.7AI score0.02452EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:43 a.m.9 views

CVE-2026-34908

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...

10CVSS5.7AI score0.02452EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/22 12:43 a.m.35 views

EUVD-2026-31383

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...

10CVSS5.7AI score0.02452EPSS
Exploits2References1
CVE
CVE
added 2026/05/22 12:43 a.m.202 views

CVE-2026-34908

CVE-2026-34908 affects UniFi OS Server. The issue is an improper access control that can allow an unauthenticated bypass of the auth flow via a discrepancy between raw and normalized URIs in nginx, potentially leading to unauthorized changes and remote code execution. A fix is available: upgrade ...

10CVSS5.7AI score0.02452EPSS
In wildExploits2References3Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from improper access control. This vulnerability could allow malicious individuals...

10CVSS5.8AI score0.02452EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42657

Name of the Vulnerable Software and Affected Versions UniFi OS Server versions prior to 5.0.8 Description An improper access control flaw exists in UniFi OS Server. The issue occurs because nginx evaluates the raw request URI for authentication purposes but performs routing using the normalized...

10CVSS8AI score0.02452EPSS
Exploits2References60
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.18 views

CVE-2026-6400

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

WordPress plugin Child Height Predictor by Ostheimer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions for analyzing threats to network security and malware analysis. Prior to MISP 2.5.38, there were security...

8.3CVSS5.8AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

ZTE MU5250 信息泄露漏洞

The ZTE MU5250 is a 5G mobile Wi-Fi device produced by ZTE Corporation. The ZTE MU5250 has a vulnerability related to information leakage, which stems from improper control of web interface permissions. Unauthorized attackers can modify the configuration through these interfaces...

6.3CVSS5.8AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder