Lucene search
K

6249 matches found

Cvelist
Cvelist
added 2026/06/22 8:10 a.m.40 views

CVE-2025-4994 Authentication Bypass for SafeLine SL6 and SL6+

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:10 a.m.5 views

CVE-2025-4994

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS5.9AI score0.00207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 8:10 a.m.20 views

CVE-2025-4994

CVE-2025-4994 affects SafeLine SL6 and SL6+ devices used in elevator emergency intercoms. A BLE-facing authentication bypass allows an attacker within wireless range to obtain unauthorized administrative access to the device configuration. Documented impact includes high affects on confidentialit...

8.7CVSS5.9AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 3:16 a.m.15 views

CVE-2026-8918

A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash BSOD by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory...

7.1CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.30 views

CVE-2026-56381 Craft CMS - Stored XSS via User Group Name in User Permissions Page

Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other...

4.8CVSS0.00148EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.21 views

CVE-2026-56381

Craft CMS (version 5.0.0-RC1) has a stored XSS vulnerability in the User Permissions page. The issue arises because user group names are rendered without HTML escaping, allowing attackers with admin access to inject arbitrary JavaScript via the user group name field. The injected script executes ...

4.8CVSS5.8AI score0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.28 views

CVE-2026-56251 Capgo - Privilege Escalation via Broken Row Level Security in org_users

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.6 views

EUVD-2026-38168

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS5.8AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.24 views

PT-2026-51229

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 and later Description A stored cross-site scripting issue exists in the User Permissions page. The software fails to properly perform HTML escaping when rendering user group names. This allows attackers with...

4.8CVSS5.8AI score0.00148EPSS
Exploits0References6
NVD
NVD
added 2026/06/20 2:16 p.m.11 views

CVE-2020-37255

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...

8.7CVSS0.00398EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 1:36 p.m.28 views

CVE-2020-37255 WordPress Time Capsule Plugin 1.21.16 Authentication Bypass

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...

8.7CVSS0.00398EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 1:36 p.m.30 views

CVE-2020-37255

CVE-2020-37255 affects WordPress Time Capsule Plugin version 1.21.16. The vulnerability is an authentication bypass that lets unauthenticated attackers craft a POST request containing the IWP_JSON_PREFIX header to obtain a valid administrator session cookie and gain access to the WordPress dashbo...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.14 views

PT-2026-51140

Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/19 11:49 a.m.9 views

EUVD-2026-38008

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS5.8AI score0.00416EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:17 a.m.17 views

CVE-2026-7547

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

4.9CVSS0.00397EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.6 views

CVE-2026-7547

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

4.9CVSS6AI score0.00397EPSS
Exploits0References9
NVD
NVD
added 2026/06/18 6:16 a.m.12 views

CVE-2026-11777

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS0.00355EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 5:34 a.m.11 views

EUVD-2026-37846

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00363EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:31 a.m.6 views

CVE-2026-11777

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score0.00355EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/17 10:14 p.m.28 views

CVE-2026-54445 Vantage6: Set admin user and password from environment or configuration

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username root and password root. This is not ideal because attackers know that almost all vantage6 servers have a user with username root that probably has admin rights,...

6.9CVSS0.00292EPSS
Exploits0References3
Rows per page
Query Builder