Lucene search
K

4545 matches found

Nuclei
Nuclei
added 7 hours ago30 views

WP Directory Kit <= 1.4.4 - Authentication Bypass

The WP Directory Kit plugin for WordPress version 1.4.4 and below contains an authentication bypass vulnerability in its auto-login functionality. The vulnerability allows unauthenticated attackers to gain administrative access by exploiting a cryptographically weak token generation mechanism tha...

10CVSS7AI score0.0472EPSS
Exploits3References4
Nuclei
Nuclei
added 7 hours ago59 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-48351

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday21 views

CVE-2026-5040 Weak Password Hashing Mechanism in TP-Link Deco M5

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57524

Name of the Vulnerable Software and Affected Versions H3C NX15 version V100R017 Description A flaw exists in the Administrator Password Modification Endpoint within the change passwd function of the '/api/login/modify' endpoint. Remote manipulation of the newPass argument can lead to weak passwor...

7.5CVSS7AI score0.00278EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43149

The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS0.0034EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 6 days ago7 views

CVE-2026-31981

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

0.0036EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/08 4:30 a.m.8 views

CVE-2026-14487

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS6.8AI score0.0074EPSS
Exploits0References7
CVE
CVE
added 2026/07/07 4:39 p.m.9 views

CVE-2026-13020

CVE-2026-13020 affects Esri Portal for ArcGIS up to version 12.1 on Windows, Linux, and Kubernetes. A weak password-recovery mechanism lets a remote, unauthenticated attacker potentially take ownership of a user account by manipulating the recovery flow. The vulnerability’s impact is described as...

9.8CVSS6AI score0.00234EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/07 4:39 p.m.7 views

EUVD-2026-42057

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 9:26 a.m.7 views

EUVD-2026-42032

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS5.9AI score0.0005EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 3:25 p.m.8 views

CVE-2026-5268 SFTP Server Authentication Weakness

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

6AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56062

SQLChatAgent validate query dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allow dangerous operations=False, combines a raw-text regex blocklist DANGEROUS SQL PATTERNS with a sqlglot SELECT-only...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/05 10:15 a.m.6 views

EUVD-2026-41746

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...

6.3CVSS5.2AI score0.00208EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/07/04 7:0 p.m.8 views

CVE-2026-14647

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...

5.3CVSS5.5AI score0.00253EPSS
Exploits0
Snyk
Snyk
added 2026/07/03 8:18 a.m.7 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the STARTTLS process. An attacker can compromise the security of the TLS connection by exploiting a scenario where a new transfer reuses an existing live connection despite a mismatch in TLS...

9.1CVSS6AI score0.0052EPSS
Exploits1References2
Rows per page
Query Builder