Lucene search
+L

48325 matches found

EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-45168

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

5.4AI score
Exploits0References4
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-9537 Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison

Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of...

Exploits0References1
NVD
NVD
added 4 hours ago4 views

CVE-2026-13410

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

Exploits0References4
CVE
CVE
added 5 hours ago4 views

CVE-2026-13410

DVE-2026-13410 affects Dancer::Plugin::Auth::Google up to version 0.07 for Perl. TLS verification is disabled because the default user agent initializes SSL_verify_mode as disabled, enabling MITM attackers to intercept the OAuth2 token exchange and userinfo fetch with googleapis.com, forge an acc...

5.4AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 6 hours ago14 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 6 hours ago19 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
NVD
NVD
added 10 hours ago5 views

CVE-2026-12393

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...

5.4CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago13 views

CVE-2026-12393 WPS Bookings for WooCommerce < 3.11.7 - Subscriber+ Arbitrary Booking Order Cancellation via IDOR

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...

Exploits0References1
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-45148

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...

5.4CVSS5.3AI score
Exploits0References1
Nuclei
Nuclei
added 13 hours ago32 views

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...

7.5CVSS5.2AI score0.01211EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago45 views

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

9.8CVSS8.4AI score0.13117EPSS
Exploits6References1
Nuclei
Nuclei
added 13 hours ago83 views

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...

9.3CVSS5.3AI score0.01223EPSS
Exploits1References1
Nuclei
Nuclei
added 13 hours ago41 views

WordPress Plugin Age Verification v0.4 - Open Redirect

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectto parameter. id: CVE-2012-6499 info: name: WordPress Plugin Age...

5.8CVSS5.6AI score0.10557EPSS
Exploits1References3
NVD
NVD
added yesterday5 views

CVE-2026-49998

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.1, Centrifugo dynamic JWKS endpoint verification could reuse a key for one allowed issuer to verify a JWT for another allowed issuer because the JWKS cache and singleflight lookup were keyed only by JWT header kid, not...

8.2CVSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-45795

The Janssen Project's Jans-auth-server had a JWE request object signature verification bypass prior to version 2.0.0: unsigned JWE were accepted because JwtAuthorizationRequest skipped inner signature validation when jwe.getSignedJWTPayload() was null, and AuthzRequestService.processRequestObject...

5.3CVSS6.1AI score0.00044EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-38974

A flaw was found in Dulwich. The contrib/paramikovendor.py component is missing Secure Shell SSH host key verification. This vulnerability allows a remote attacker to impersonate a legitimate Git server. By doing so, the attacker could potentially intercept sensitive information or execute...

8.8CVSS6.3AI score0.00145EPSS
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2024-58360

CVE-2024-58360 affects stoatchat versions before 0.7.8. The issue: account creation restrictions (invite-only, email verification, captcha, shield verification) are not enforced, allowing attackers to create unlimited accounts with unverified emails. Impacts include higher denial-of-service risk ...

6.9CVSS6.1AI score
Exploits0References3
OSV
OSV
added yesterday3 views

MAL-2026-10713 Malicious code in @hibachi-xyz/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2012c3b3a43f28209edf1c4b6fdbb0477c7c31f7574e37293cf7dd324f7f1e2f On require of the package's main entry, top-level code enumerates process.env and collects values whose keys match a credential-shaped regex KEY,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in @hibachi-xyz/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2012c3b3a43f28209edf1c4b6fdbb0477c7c31f7574e37293cf7dd324f7f1e2f On require of the package's main entry, top-level code enumerates process.env and collects values whose keys match a credential-shaped regex KEY,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in @hibachi-xyz/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 308aa7f8a3746a346bbed305975f68d110bcf6b98815b7bf9f579e37089fd78b The package is published under the name @hibachi-xyz/ui with description 'UI components' but ships no UI code. Its index.js, executed on require,...

6.1AI score
Exploits0References1
Rows per page
Query Builder