Lucene search
K

656 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2013-1815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure...

6.1CVSS5.8AI score0.00455EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/29 4:51 p.m.3 views

CVE-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

6.3CVSS5.3AI score0.00167EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the lack of cross-channel permission list writing that is performed only by the owner at the /allowlist...

4.3CVSS5.8AI score0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 11:54 p.m.3 views

CVE-2026-27843 SenseLive X3050 Missing authentication for critical function

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...

9.2CVSS5.2AI score0.00518EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 5:9 p.m.3 views

CVE-2026-41191 FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 9:53 p.m.10 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the /dreaming path in the operator.write. An attacker can modify persistent memory dreaming settings by sending write-scoped gateway requests, resulting in...

7.1CVSS5.7AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.10 views

WordPress plugin Livemesh Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

DRC Central Data Recognition Central Office Services 安全漏洞

DRC Central Data Recognition Central Office Services is an educational assessment data management and processing service system provided by DRC Central in the United States. There is a security vulnerability in DRC Central Data Recognition Central Office Services, which stems from unauthorized...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 10:16 p.m.6 views

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

9.8CVSS0.0042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 9:28 p.m.4 views

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

9.8CVSS5.8AI score0.0042EPSS
Exploits0References1
OSV
OSV
added 2026/04/11 2:3 p.m.4 views

OESA-2026-1859 firewalld security update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Security Fixes: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29709

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.8.0 Description The PUT /api/v1/subscriber/imsi API endpoint accepts an IMSI identifier from both the URL path and the JSON request body without verifying they match. This allows an authenticated NetworkManager to...

2.7CVSS5.8AI score0.00185EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:28 a.m.2 views

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/30 6:59 p.m.3 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization through insufficient scope enforcement in the /allowlist command handler. An attacker can make unauthorized persistent changes to configuration and pairing-store...

7.1CVSS5.9AI score0.00442EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 6:16 a.m.7 views

UBUNTU-CVE-2026-4948

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication,...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 5:30 a.m.1 views

CVE-2026-4948

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication,...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31849

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...

7.2CVSS5.8AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

WordPress plugin Conditional Menus 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/25 9:55 p.m.3 views

Missing Authentication for Critical Function

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the status.json.php and disable.json.php endpoints when the authentication key is left at its default empty value. ...

8.8CVSS5.9AI score0.00356EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.7 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the Config Sync update program’s indexing process, which lacked authentication measures. As a result,...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References4
Rows per page
Query Builder