Lucene search
K

6816 matches found

EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43540

OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 10 hours ago3 views

EUVD-2026-43545

AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...

4.7CVSS6.3AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43543

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

4.7CVSS6.3AI score
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-57698

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00356EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57390

Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extra Product Options Builder for WooCommerce: from n/a through =...

6.5CVSS0.00332EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43288

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

4.3CVSS6.2AI score0.0014EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-57698

CVE-2026-57698 affects the WordPress plugin Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), with versions up to and including 1.1.12. The issue is an Authentication Bypass/Authentication Abuse via an alternate path or channel, enabling unauthorized access as described in th...

6.5CVSS6.1AI score0.00356EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday30 views

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...

9.8CVSS7.2AI score0.86706EPSS
Exploits1References2
CVE
CVE
added 2 days ago14 views

CVE-2026-56308

Capgo before 12.128.2 contains an insufficient authentication flaw in the email-change endpoint: an attacker with a valid session cookie or authenticated browser can change the account email without re-authenticating the current password or verifying the existing mailbox. This can enable control ...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-6212

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-6212

CVE-2026-6212 affects Teracity Software Technologies Inc. TeraMIS (versions V03.26.01.14 through 30.04.2026). The issue is an Authorization bypass via a User-Controlled key, enabling Privilege Abuse. Root cause: improper handling of user-controlled keys allows bypassing access controls. CVSSv3.1 ...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42988

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-6212 IDOR in Teracity's TeraMIS

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56675 9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...

8.3CVSS0.00315EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in eth-react-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbd414dae34760c2eda09d2093a62a14d694f759350676e88229319a16594e78 On require, index.js calls callCallerAsOrigin which spawns lib/caller.js as a detached, stdio-ignored child process spawnprocess.execPath, script,...

6.2AI score
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42921

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56312 Capgo - Account Creation Before CAPTCHA Validation in accept_invitation Endpoint

Capgo before 12.128.2 contains an improper validation vulnerability in the acceptinvitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn...

6.9CVSS0.00275EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-5069

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-23562 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS0.0014EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 5 days ago6 views

A Majority of European Lawmakers Voted Against Letting Big Tech Read Our Messages. They’re Going to Anyway

Companies will once again be allowed to scan citizens’ personal texts, emails, and social media messages via the “Chat Control” bill to find child abuse material online...

5.9AI score
Exploits0
Rows per page
Query Builder