Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

86949 matches found

GithubExploit
GithubExploitadded 2026/05/05 3:6 p.m.77 views

Exploit for CVE-2026-29000

HackTheBox — Principal Difficulty: Medium OS: Linux...

9.3CVSS5.8AI score0.05856EPSS
Exploits17
NVD
NVDadded 2026/05/05 12:16 p.m.12 views

CVE-2026-42433

OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...

7.1CVSS0.00295EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/05 11:25 a.m.1 views

CVE-2026-43568 OpenClaw 2026.4.5 through 2026.4.9 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint

OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to...

7.1CVSS5.8AI score0.00213EPSS
Exploits0References3
CVE
CVEadded 2026/05/05 11:25 a.m.16 views

CVE-2026-43568

OpenClaw is affected: versions 2026.4.5 up to (but not including) 2026.4.10 contain a privilege-escalation flaw in the memory-dreaming configuration. With write-scoped gateway access, an attacker can modify persistent memory dreaming settings via the /dreaming endpoint to escalate privileges (adm...

7.1CVSS5.8AI score0.00213EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/05 11:24 a.m.2 views

CVE-2026-42433

OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...

7.1CVSS5.8AI score0.00295EPSS
Exploits0References4
CVE
CVEadded 2026/05/05 11:24 a.m.15 views

CVE-2026-42433

OpenClaw vulnerable before 2026.4.10: an authorization bypass lets an operator.write message-tool path access Matrix profile persistence with admin-level authority. Exploitation would allow non-owner message-tools to mutate persistent profile configuration due to insufficient access controls. Aff...

7.1CVSS5.8AI score0.00295EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/05 9:31 a.m.7 views

EUVD-2026-27235

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References2
NVD
NVDadded 2026/05/05 7:16 a.m.10 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/05 6:22 a.m.11 views

CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/05 6:22 a.m.3 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/05 6:21 a.m.2 views

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6CVSS5.9AI score0.00376EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/05 6:21 a.m.37 views

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6CVSS0.00376EPSS
Exploits0References1
NVD
NVDadded 2026/05/05 4:16 a.m.8 views

CVE-2026-5159

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00283EPSS
Exploits0References8
CVE
CVEadded 2026/05/05 3:37 a.m.14 views

CVE-2026-5159

The CVE-2026-5159 entry documents a Stored Cross-Site Scripting flaw in the Royal Addons for Elementor plugin (WordPress). Affected component: the Instagram Feed widget, specifically the instagram_follow_text setting. Root cause: insufficient input sanitization and output escaping in all versions...

6.4CVSS6AI score0.00283EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/05 3:37 a.m.2 views

CVE-2026-5159

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00283EPSS
Exploits0References9
EUVD
EUVDadded 2026/05/05 3:31 a.m.5 views

EUVD-2026-27207

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

6.1CVSS5.7AI score0.0012EPSS
Exploits0References8
NVD
NVDadded 2026/05/05 3:15 a.m.8 views

CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS0.00274EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/05 2:26 a.m.5 views

CVE-2026-6702 Publish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' Parameter

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

6.1CVSS5.7AI score0.0012EPSS
Exploits0References7
CVE
CVEadded 2026/05/05 2:26 a.m.17 views

CVE-2026-6702

The CVE-2026-6702 entry concerns the WordPress plugin Publish 2 Ping.fm (versions

6.1CVSS5.7AI score0.0012EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/05/05 2:26 a.m.27 views

CVE-2026-5247 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'wrapper' Shortcode Attribute

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS0.00274EPSS
Exploits0References4
Rows per page
Query Builder