Lucene search
K

2988 matches found

EUVD
EUVD
added 2026/06/05 6:31 p.m.13 views

EUVD-2026-34887

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...

9.8CVSS5.4AI score0.02841EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:31 p.m.8 views

CVE-2026-10580

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...

9.8CVSS5.4AI score0.02841EPSS
Exploits1References10
Packet Storm
Packet Storm
added 2026/06/05 12:0 a.m.51 views

📄 Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Lyrion Music Server version 9.2.0 exposes a readdirectory query through both its CLI service TCP port 9090 and its HTTP JSON-RPC endpoint /jsonrpc.js that takes a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default...

6.9CVSS5.7AI score0.00294EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46316

Name of the Vulnerable Software and Affected Versions NAVTOR NavBox versions prior to 4.16.1.21 Description The software contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. When SOAP functionality is enabled, a local attacker can extract these...

6.3CVSS5.5AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 2:16 p.m.13 views

CVE-2026-10622

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

8.2CVSS0.00442EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 12:48 p.m.9 views

USN-8366-1 luanti vulnerabilities

It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...

9.3CVSS6.1AI score0.00182EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:29 p.m.10 views

CVE-2026-42071

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.13 views

CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:44 a.m.13 views

CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS5.7AI score0.00331EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/28 3:44 a.m.11 views

EUVD-2026-32709

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS5.7AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Nautobot 安全漏洞

Nautobot is a web-based automation platform developed by the Nautobot team. Versions of Nautobot prior to 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from users who had permission to add/modify GitRepository records being able to directly set the currenthead...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 7:16 p.m.13 views

EUVD-2026-32636

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

8.7CVSS5.9AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:35 p.m.10 views

CVE-2026-45088

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/27 7:45 a.m.12 views

EUVD-2026-32115

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notifyccss and /wp-json/litespeed/v1/notifyucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback notificatio...

7.2CVSS5.8AI score0.00359EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin 资源管理错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 9:3 p.m.13 views

EUVD-2026-32001

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS5.8AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 8:59 p.m.37 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00162EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 8:59 p.m.10 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 2:16 p.m.21 views

CVE-2026-48135

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

5.3CVSS0.02607EPSS
Exploits0References1
Rows per page
Query Builder