Lucene search
K

7042 matches found

CVE
CVE
added yesterday10 views

CVE-2026-55076

Coder’s CVE-2026-55076 describes an OIDC callback flaw where the email_verified claim was checked with a direct Go bool assertion. If an IdP returns a non-boolean value (e.g., "false") or omits the claim, the check can pass incorrectly, in combination with an unconditional email-based account fal...

7.4CVSS6AI score
Exploits0References7
CVE
CVE
added yesterday10 views

CVE-2026-55075

Coder’s OIDC login flaw leads to account takeover via email-based user matching and improper handling of email_verified. Before versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two issues exist: (1) email-based matching could link by email without confirming an existing link to a different IdP subjec...

7.4CVSS6AI score
Exploits0References7
NVD
NVD
added yesterday5 views

CVE-2026-13020

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday36 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS6AI score0.07959EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday67 views

Flowise <= 3.0.5 - Account Takeover

Flowise versions 3.0.5 and earlier had a vulnerability in the forgot-password endpoint, which returned valid reset tokens without authentication—allowing attackers to reset passwords and take over accounts. id: CVE-2025-58434 info: name: Flowise = 3.0.5 - Account Takeover author:...

9.8CVSS6.8AI score0.50118EPSS
Exploits14References2
Nuclei
Nuclei
added yesterday55 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2776 info: name: SysAid On-Prem = 23.3.40 - XML External Enti...

9.8CVSS7.4AI score0.72971EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday87 views

Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...

9.8CVSS7.5AI score0.18241EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday77 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS7AI score0.02268EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday73 views

ARMember < 3.4.8 - Unauthenticated Admin Account Takeover

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...

8.1CVSS7.3AI score0.0852EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday49 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6.4AI score0.03521EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday32 views

Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation

Apache StreamPipes from version 0.69.0 through 0.93.0 uses a cryptographically weak Pseudo-Random Number Generator PRNG in the recovery token generation mechanism. Given a valid token it's possible to predict all past and future generated tokens. id: CVE-2024-29868 info: name: Apache StreamPipes ...

9.1CVSS5.9AI score0.05995EPSS
Exploits1References4
CVE
CVE
added yesterday7 views

CVE-2026-13020

The CVE-2026-13020 entry describes a vulnerability in Esri Portal for ArcGIS (versions 12.1 and earlier) where a weak password recovery mechanism can let a remote, unauthorized attacker take ownership of a user account by manipulating the recovery flow. Affected environments include Windows, Linu...

8.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-13020 Weak Password Recovery Mechanism in Portal for ArcGIS

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS
Exploits0References1
OSV
OSV
added yesterday3 views

GO-2026-5908 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder

Coder vulnerable to OIDC account takeover via email-based user matching and emailverified bypass in github.com/coder/coder...

7.4CVSS5.9AI score
Exploits0References3
OSV
OSV
added yesterday3 views

GO-2026-5907 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder

Coder's OIDC emailverified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder...

7.4CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-34171

CVE-2026-34171 affects Coolify prior to 4.0.0-beta.471. The issue is a CSRF-like, state-changing vulnerability on a GET endpoint: GET /invitations/{uuid} can reset the user password to an attacker-known value if a victim visits a crafted invitation URL. This is due to a password-reset being trigg...

8CVSS6AI score0.00146EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday7 views

CVE-2026-34171 Coolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known value

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS0.00146EPSS
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-34198

CVE-2026-34198 concerns Coolify prior to 4.0.0-beta.471. The vulnerability stems from TrustProxies trusting all proxies and accepting X-Forwarded-Host from any source, combined with a circular dependency in TrustHosts that prevents host validation. As a result, when a password reset is requested,...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-41984

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
CVE
CVE
added 2 days ago12 views

CVE-2026-53646

CVE-2026-53646 affects FOSSBilling 0.5.6–0.7.2, where a ClientPasswordReset record from a prior unexpired request causes subsequent reset_password calls to reuse the original token. The 15-minute validity window is tied to the first request’s created_at, not the latest email, allowing an attacker...

7.7CVSS6AI score0.00215EPSS
Exploits1References1
Rows per page
Query Builder