Lucene search
K

518 matches found

The Hacker News
The Hacker News
added 4 days ago18 views

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence AI platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/06/28 1:32 a.m.9 views

EUVD-2026-39974

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 7:18 p.m.10 views

CVE-2026-55196

Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMESWEBUIPASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options an...

9.1CVSS0.00579EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.20 views

CVE-2026-10704

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/adminclassnovo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack ca...

7.5CVSS7AI score0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

WordPress plugin Hippoo Mobile App for WooCommerce 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

9.8CVSS5.5AI score0.02841EPSS
Exploits1References10
EUVD
EUVD
added 2026/06/04 9:20 a.m.10 views

EUVD-2026-34228

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

9.3CVSS5.9AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 7:17 a.m.43 views

CVE-2026-50209 MDM Server Registration Overriding

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

9.3CVSS0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 7:52 p.m.26 views

CVE-2026-9141

Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) contains an authentication bypass in its embedded web configuration interface, allowing unauthenticated network attackers to directly request internal pages (e.g., index.zhtml, point.zhtml, log.shtml) and gain full administrative read/write a...

9.8CVSS5.8AI score0.00481EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 a.m.8 views

CVE-2026-0242

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

8.6CVSS6.1AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 7:4 p.m.7 views

CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

8.6CVSS6.1AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:4 p.m.11 views

CVE-2026-0242

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

8.6CVSS6.1AI score0.00248EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/08 7:16 a.m.23 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

9.8CVSS0.00764EPSS
Exploits3References1
CVE
CVE
added 2026/04/24 12:2 a.m.16 views

CVE-2026-40620

SenseLive X3050 is affected by a network‑accessible vulnerability in its embedded management service that permits full administrative control without authentication or authorization. The issue enables any reachable host using a vendor or compatible client to modify critical configuration paramete...

9.8CVSS5.8AI score0.00546EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 a.m.6 views

CVE-2026-39386

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...

8.8CVSS5.7AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 5:24 p.m.4 views

GHSA-2GW9-C2R2-F5QF Neko has a Self-service Privilege Escalation for Authenticated Users

Impact Any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session termination, etc.. This results in a complete compromise of the instance. Patches The vulnerability has been patched in the...

8.8CVSS5.7AI score0.00437EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/21 5:24 p.m.14 views

EUVD-2026-24027

Neko has a Self-service Privilege Escalation for Authenticated Users...

8.8CVSS5.7AI score0.00437EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/21 5:24 p.m.12 views

Neko has a Self-service Privilege Escalation for Authenticated Users

Impact Any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session termination, etc.. This results in a complete compromise of the instance. Patches The vulnerability has been patched in the...

8.8CVSS5.7AI score0.00437EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/04/21 12:50 a.m.35 views

CVE-2026-39386 Neko has Self-service Privilege Escalation for Authenticated Users

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...

8.8CVSS0.00437EPSS
Exploits0References3
NVD
NVD
added 2026/04/09 3:16 p.m.10 views

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

4.3CVSS0.00148EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 12:0 a.m.3 views

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

6.2AI score0.00148EPSS
Exploits0References3
Rows per page
Query Builder