Lucene search
K

265 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.6 views

CVE-2026-4301

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/09 2:25 a.m.11 views

EUVD-2026-28881

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References15
NVD
NVD
added 2026/05/08 5:16 a.m.14 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5CVSS0.00201EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.57 views

Ollama Missing Signature Verification for Updates (CVE-2026-42248)

The version of Ollama installed on the remote Windows host is affected by a missing signature verification vulnerability: - Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update...

9.8CVSS6AI score0.00379EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/07 1:53 a.m.9 views

Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest

Summary The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, whic...

7.1CVSS5.9AI score0.00266EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/07 1:53 a.m.5 views

GHSA-77X9-RF64-92GV Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest

Summary The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, whic...

6.1CVSS5.9AI score0.00266EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/07 12:6 a.m.9 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

6.3CVSS5.9AI score0.00179EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 12:6 a.m.13 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

6.3CVSS5.9AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 12:6 a.m.12 views

GHSA-R4W4-WV68-QV85 Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...

6.3CVSS6AI score0.00179EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.10 views

PT-2026-38366

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Access and Mobility Management Function AMF in free5GC fails to verify UE Security Capabilities received in NGAP PathSwitchRequest messages against locally stored values. This occurs within the...

7.1CVSS5.9AI score0.00266EPSS
Exploits1References6
OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-424 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was...

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

4.3CVSS5.9AI score0.00373EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/02 7:46 a.m.7 views

EUVD-2026-26755

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.5 views

PT-2026-36594

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.4 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS6AI score0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 1:28 p.m.30 views

CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

7.5CVSS0.0032EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/04/29 11:44 a.m.9 views

CVE-2026-42249

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

9.8CVSS6.5AI score0.00625EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/29 11:44 a.m.6 views

EUVD-2026-26210

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

7.7CVSS5.3AI score0.00379EPSS
Exploits1References2
Veracode
Veracode
added 2026/04/29 10:9 a.m.11 views

Improper SSL Hostname Verification

org.springframework.boot, spring-boot-elasticsearch is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by connecting to a malicious Elasticsearch...

6.8CVSS5.2AI score0.00136EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/28 10:54 p.m.7 views

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/22 9:31 p.m.7 views

EUVD-2026-22844

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...

8.8CVSS5.8AI score0.00399EPSS
Exploits0References6
Rows per page
Query Builder