Lucene search
K

2262 matches found

NVD
NVD
added 12 hours ago4 views

CVE-2026-61952

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-15079

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

5.4CVSS6.1AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 3 days ago15 views

CVE-2026-58590

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

5.4CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-58589 FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

0.0018EPSS
Exploits0References1
CVE
CVE
added 3 days ago16 views

CVE-2026-58589

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

5.4CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-13241 Paragraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

0.00132EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-13241

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

6.5CVSS6.1AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-13239 WissKI - Critical - Access bypass - SA-CONTRIB-2026-059

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

0.00132EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-13239

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

6.5CVSS6.1AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

0.0018EPSS
Exploits0References1
CVE
CVE
added 3 days ago14 views

CVE-2026-13238

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

4.8CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

0.00142EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-13237

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.8CVSS6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-13236

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.2CVSS6.1AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-13232 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-59225

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

6.3CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 4 days ago14 views

CVE-2026-59225

Open WebUI vulnerability CVE-2026-59225 affects versions 0.8.12 up to before 0.10.0. An authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model via task endpoints like /api/v1/tasks/moa/completions. The normal chat flow re-checks submodel ac...

6.3CVSS6AI score0.00211EPSS
Exploits0References4Affected Software1
CVE
CVE
added 4 days ago8 views

CVE-2026-59217

Open WebUI prior to version 0.10.0 allowed a metadata.knowledge_id value in file uploads to auto-link files to a knowledge base, bypassing the write-access check on /api/v1/knowledge//file/add. This enabled read-only knowledge-base users to add arbitrary files. The issue is fixed in version 0.10....

4.3CVSS6AI score0.00272EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56583

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description A flaw exists where a client can be registered as the configured no auth user via a parser path triggered when the initial client operation is not CONNECT...

5.4CVSS6.1AI score0.00292EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-49296

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder