Lucene search
+L

27 matches found

Vulnrichment
Vulnrichment
added 2026/06/02 10:22 p.m.14 views

CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.7AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 3:16 p.m.8 views

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

7.2CVSS0.00537EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.16 views

CVE-2026-27348

CVE-2026-27348 affects ThemeGoods Photography (WordPress theme). The issue is an improper neutralization of input during web page generation, enabling DOM-based XSS. Affected: Photography theme versions before 7.7.6 (per CVE entry; related sources reference Photography ≤ 7.6.x/7.7.6). Impact is D...

7.1CVSS5.2AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.4 views

CVE-2025-64206

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

9.8CVSS7AI score0.004EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.31 views

CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

7.1CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.25 views

CVE-2025-64205

CVE-2025-64205 affects WordPress Jannah theme versions up to and including 7.6.0. The issue is an improper control of filename for include/require, enabling PHP Local File Inclusion (LFI). The CVSS 3.1 base score is 8.2 (HIGH) with network attack vector, low attack complexity, no privileges requi...

8.1CVSS6.7AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52161

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

7AI score0.004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.7 views

PT-2025-48976

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives...

5.5CVSS7.1AI score0.00284EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/01 8:26 p.m.3 views

CVE-2025-66421

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS6.2AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/22 8:19 p.m.7 views

CVE-2025-61754

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Service API. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher...

6.5CVSS6AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.6 views

EUVD-2025-35478

Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a through = 7.6.0...

6.5AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/10 12:30 p.m.4 views

EUVD-2025-33709

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

5.4CVSS5.7AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.5 views

Unicom Focal Point 安全漏洞

Unicom Focal Point is a portfolio management and decision analysis tool from Unicom, Inc. for use by corporate and government agency product organizations. A security vulnerability exists in Unicom Focal Point version 7.6.1, which stems from an SQL injection in the image parameter during the dele...

6.5CVSS7.8AI score0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/19 12:0 a.m.5 views

IBM Maximo MXAPIASSET API 路径遍历漏洞

The IBM Maximo MXAPIASSET API is a remote asset monitoring application program interface from International Business Machines IBM. A path traversal vulnerability exists in the IBM Maximo MXAPIASSET API version 7.6.1.3, which originates from allowing a remote attacker to view arbitrary files on th...

7.5CVSS6.7AI score0.00763EPSS
Exploits0References2
OSV
OSV
added 2024/02/20 4:15 a.m.7 views

CVE-2024-1559

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00415EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.8 views

SUSE CVE-2017-12805

In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service...

3.3CVSS8.9AI score0.02938EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.7 views

Kiteworks MFT 安全漏洞

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A security vulnerability exists in Kiteworks MFT that could allow an unauthorized user to reset another user's password. This issue is fixed in version 7.6 and later...

6.5CVSS6.5AI score0.00834EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/08/25 12:0 a.m.10 views

PT-2021-22796 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions prior to 7.6.0 Description: An issue was discovered where the enrollment secret for SCEP, CMP, EST, and Auto-enrollment aliases is reflected on a page, accessible to administrators. Although the secret is hidden from...

3.5CVSS3.8AI score0.00542EPSS
Exploits0References3
CNVD
CNVD
added 2019/10/18 12:0 a.m.15 views

YouPHPTube subscribe.json.php file SQL Injection Vulnerability

YouPHPTube is a PHP-based video website system. A SQL injection vulnerability exists in the /objects/subscribe.json.php file in YouPHPTube version 7.6. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit th...

8.8CVSS8.2AI score0.01064EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/07/17 12:0 a.m.10 views

PT-2019-17080 · Ibm · Ibm Maximo Asset Management

Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management version 7.6 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing dot dot sequences /../ to view arbitrary files on the system...

7.5CVSS4.8AI score0.02569EPSS
Exploits0References3
Rows per page
Query Builder