Lucene search
K

2867 matches found

NVD
NVD
added yesterday7 views

CVE-2026-11988

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...

6.5CVSS0.00275EPSS
Exploits0References8
Nuclei
Nuclei
added 6 days ago7 views

Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass

IKEv1 key exchange contains a broken authentication caused by logic flow weakness in Remote Access and Mobile Access certificate validation, letting unauthenticated remote attackers bypass user authentication and establish VPN connections without valid passwords, exploit requires use of deprecate...

9.3CVSS6.1AI score0.71051EPSS
Exploits5References3
EUVD
EUVD
added last week3 views

EUVD-2026-39413

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added last week5 views

Important: Red Hat Security Advisory: redis:6 security update

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.32 views

CVE-2026-10833 Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/21 5:45 a.m.9 views

EUVD-2026-38146

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...

8.5CVSS5.3AI score0.00112EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.8 views

Oracle MySQL Server 8.4.x < 8.4.10 (June 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.4.0-8.4.9 and...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 5:36 p.m.7 views

GHSA-94F4-HR76-P5J6 vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

9.1CVSS5.6AI score0.0086EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49882

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Description An issue in the Core component allows a low privileged attacker with network access via HTTP to compromise th...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 5:17 p.m.213 views

vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits1References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49329

Name of the Vulnerable Software and Affected Versions Benjamin Jonard Koillection version 1.8.0 Description An authenticated Server-Side Request Forgery SSRF exists in the custom scraper subsystem component. This allows attackers to scan internal resources by supplying a crafted URL. SSRF is a fl...

8.1CVSS5.9AI score0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s Espressif SoC, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from the ESP-TEE security service wrapper, which only validates the pointer...

7.1CVSS5.3AI score0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 7:24 p.m.19 views

CVE-2026-47907

Dreamweaver Desktop (Windows/macOS) version 21.7 and earlier is affected by an Improper Access Control vulnerability that permits arbitrary file system read outside the intended scope. The root cause is an access-control weakness that allows an attacker to access sensitive files and directories i...

8.6CVSS6.6AI score0.00168EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

SEMCMS 访问控制错误漏洞

SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a access control vulnerability, which stems from an unauthorized access vulnerability in the SEMCMScopy.php file...

7.5CVSS5.3AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

Check Point Quantum Security Gateway 授权问题漏洞

Check Point Quantum Security Gateway is a series of enterprise-level security gateway devices developed by the Israeli company Check Point. The Check Point Quantum Security Gateway has an authorization issue vulnerability, which stems from a defect in the certificate verification logic process...

9.3CVSS5.8AI score0.71051EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39593

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10...

6.5CVSS5.4AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 5:56 p.m.8 views

CVE-2026-45743 Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

8.1CVSS5.6AI score0.00282EPSS
Exploits1References2
OSV
OSV
added 2026/06/05 3:48 p.m.10 views

OESA-2026-2573 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Incorrect Authorization vulnerability in Erlang OTP ine...

9.8CVSS5.4AI score0.0053EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46318

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.11 views

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS6.2AI score0.00472EPSS
Exploits0References1
Rows per page
Query Builder