Lucene search
+L

1674 matches found

BDU FSTEC
BDU FSTEC
added yesterday33 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
NVD
NVD
added 2 days ago5 views

CVE-2026-12692

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.8CVSS0.00346EPSS
Exploits0References1
CVE
CVE
added 2 days ago16 views

CVE-2026-12692

CVE-2026-12692 affects Vimesoft Inc. Enterprise Video Platform (EVP) versions prior to 3.25.0, with EVP 3.11.0.0 and above being affected. The issue is described as an unverified password change vulnerability that enables authentication bypass. The available documents do not provide details on th...

9.8CVSS5.3AI score0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-12692 Improper Authentication in Vimesoft's Enterprise Video Platform

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.8CVSS0.00346EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45220

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.8CVSS5.2AI score0.00346EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago8 views

CVE-2026-12692 Improper Authentication in Vimesoft's Enterprise Video Platform

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.8CVSS5.3AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-63095

Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...

7.1CVSS0.00182EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago9 views

Malicious code in hehehe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago6 views

CVE-2026-54733 moodle-local_o365: Authentication bypass via unverified JWT signature in Teams SSO endpoint

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin localo365 Teams SSO endpoint ssologin.php base64-decodes a JWT payload and authenticates...

9.3CVSS6.1AI score0.00915EPSS
Exploits0References9
NVD
NVD
added 3 days ago7 views

CVE-2024-58360

stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...

6.9CVSS0.00259EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-46684

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilterdoFilter pass X-DE-TOKEN values to TokenUtils.validate, which checks only token presence and length before userBOByTokentoken uses JWT.decode without signature...

9.5CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-53514

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...

7.7CVSS0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-53514 Better Auth: Unauthorized invitation acceptance via unverified email match in organization plugin

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...

7.7CVSS0.00202EPSS
Exploits0References4
CVE
CVE
added 4 days ago13 views

CVE-2026-53514

Better Auth (organization plugin) exposes a vulnerability where an attacker with an unverified session for the invited email and a leaked invitationId can join the organization by calling acceptInvitation/rejectInvitation/getInvitation/listUserInvitations, due to email-string ownership checks not...

7.7CVSS6.1AI score0.00202EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

CVE-2026-53514 Better Auth: Unauthorized invitation acceptance via unverified email match in organization plugin

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...

7.7CVSS6.1AI score0.00202EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-61446

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS0.00221EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44646

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS6.6AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

MAL-2026-10456 Malicious code in @spzhongwin/skill-logger-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 970980f38a6389d5b622ca41ba3b418f1538b2a38f595536c97acb934012b8b9 The package advertises itself as a skill usage/error logger but, when activated via the openclaw gatewaystart hook, opens a persistent WebSocket to a...

6.3AI score
Exploits0References4
CVE
CVE
added 6 days ago12 views

CVE-2026-22102

CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...

9.3CVSS6.3AI score0.00431EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in awesome-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 379d820ae94a1dd684c187fd2577558795440d8f8cd1fe3cd209c8eb5b303913 [email protected] ships a postinstall script scripts/install-check.cjs that resolves a bundle URL from a remote JSON config at...

6.5AI score
Exploits0References3
Rows per page
Query Builder