Lucene search
+L

3180 matches found

nuclei
nuclei
added 10 hours ago292 views

WSO2 User Registration - Arbitrary Account Creation

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...

4.3CVSS6.1AI score0.00606EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago22 views

CVE-2026-50371 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

...

7CVSS0.00193EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-50371

CVE-2026-50371 affects Windows LUAFV (Windows LUAFV driver). The issue is a race condition due to concurrent access to a shared resource without proper synchronization, enabling an authorized local attacker to elevate privileges. Microsoft has released updates addressing this family of vulnerabil...

7CVSS6.1AI score0.00193EPSS
Exploits0References1
euvd
euvd
added 2 days ago8 views

EUVD-2026-43588

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS6.1AI score0.0022EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/09 6:26 a.m.5 views

CVE-2026-47840

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score0.00132EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.9 views

PT-2026-56174

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description The encryption algorithm used to protect the configuration of user accounts within the built-in user directory of projects is insufficient. This weakness allows a local attacker to modify the existing...

8.4CVSS6.1AI score0.0005EPSS
Exploits0References10
cve
cve
added 2026/07/02 6:0 a.m.18 views

CVE-2026-11781

The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/19 6:51 a.m.36 views

CVE-2026-3640 STRABL <= 4.5 - Unauthenticated Arbitrary Webhook Creation via REST API Endpoint

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permissioncallback of returntrue, which allows all incoming requests...

5.3CVSS0.00382EPSS
Exploits0References14
attackerkb
attackerkb
added 2026/06/18 5:48 a.m.7 views

CVE-2026-55740

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

9.8CVSS5.8AI score0.00366EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/06/15 10:9 p.m.76 views

Exploit for CVE-2026-54596

CVE-2026-54596 - Authenticated SQL Injection via recurringinv...

6.1AI score
Exploits0
osv
osv
added 2026/06/12 9:5 a.m.11 views

BIT-GITLAB-2026-8589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

8.7CVSS5.3AI score0.00255EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/11 10:20 a.m.11 views

CVE-2026-8589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

7.3CVSS5.5AI score0.00255EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/11 8:59 a.m.13 views

CVE-2026-24724

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
euvd
euvd
added 2026/06/10 3:15 a.m.11 views

EUVD-2026-35980

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
euvd
euvd
added 2026/06/10 3:15 a.m.13 views

EUVD-2026-35979

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

8.7CVSS5.8AI score0.00292EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/10 3:15 a.m.44 views

CVE-2026-26239 File Station 5

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

8.7CVSS0.00292EPSS
Exploits0References1
euvd
euvd
added 2026/06/10 3:8 a.m.12 views

EUVD-2026-35974

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

5.3CVSS5.5AI score0.0028EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/10 3:8 a.m.43 views

CVE-2026-24720 File Station 5

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

5.3CVSS0.0028EPSS
Exploits0References1
cve
cve
added 2026/06/10 3:8 a.m.36 views

CVE-2026-24720

The CVE-2026-24720 entry concerns File Station 6 with a resource-allocation vulnerability (no throttling). A user-account–enabled remote attacker can cause resource denial for other systems/applications. The issue is fixed in File Station 5 5.5.6.5243 and later; upgrading to that version or later...

6.5CVSS5.5AI score0.0028EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/06/10 3:7 a.m.11 views

CVE-2026-22899 File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

5.3CVSS5.5AI score0.0028EPSS
Exploits0References1
Rows per page
Query Builder