Lucene search
+L

38 matches found

osv
osv
added 2026/06/23 6:37 p.m.5 views

GHSA-J67X-Q29F-QCVV motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution

Summary The ActionHandler.post method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts PTZ controls, alarm triggers, etc.. Vulnerability Details File:...

5.3CVSS5.9AI score
Exploits0References2
attackerkb
attackerkb
added 2026/06/23 3:35 p.m.5 views

CVE-2026-56693

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

6.8CVSS6AI score0.00113EPSS
Exploits0References4
euvd
euvd
added 2026/06/23 3:35 p.m.9 views

EUVD-2026-38465

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

6.8CVSS6AI score0.00113EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/23 12:0 a.m.7 views

PT-2026-51647

Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description The ActionHandler.post function in the motioneye/handlers/action.py file lacks an authentication decorator. This allows an unauthenticated attacker to trigger camera actions via the /action/camera id/action...

5.3CVSS6.2AI score
Exploits0References8
vulnrichment
vulnrichment
added 2026/06/05 10:28 p.m.9 views

CVE-2026-7523 Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.5AI score0.00272EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.20 views

PT-2026-40586

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle ajax action' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/04/27 7:23 p.m.10 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS6.9AI score0.06058EPSS
Exploits1References1
nvd
nvd
added 2026/04/25 6:16 p.m.11 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS0.06058EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/04/25 6:0 p.m.6 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS6.9AI score0.06058EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2026/04/25 6:0 p.m.39 views

CVE-2026-6992 Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS0.06058EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/03/18 12:0 a.m.10 views

WordPress plugin Yoast Duplicate Post 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/01/24 12:27 p.m.5 views

CVE-2025-13920 WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

5.3CVSS5.9AI score0.00669EPSS
Exploits0References2
nvd
nvd
added 2025/12/16 6:15 a.m.6 views

CVE-2025-13794

The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...

4.3CVSS0.00293EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/12/16 5:25 a.m.2 views

CVE-2025-13794 Auto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification

The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...

4.3CVSS4.7AI score0.00293EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-1623

Malware in sbrugna...

4CVSS6.2AI score0.01813EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27640

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00149EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26595

Malicious code in bioql PyPI...

7.3CVSS6.5AI score0.00077EPSS
Exploits0References2
cvelist
cvelist
added 2025/09/11 7:25 a.m.10 views

CVE-2025-9632 PhpList Subber <= 1.1 - Cross-Site Request Forgery

The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...

4.3CVSS0.00149EPSS
Exploits0References3
nvd
nvd
added 2025/09/02 11:15 p.m.5 views

CVE-2025-22439

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS0.00077EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/09/02 10:11 p.m.2 views

CVE-2025-22439

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

6.2AI score0.00077EPSS
Exploits0References2
Rows per page
Query Builder