Lucene search
K

87065 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 7:0 p.m.4 views

CVE-2026-35063

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.7CVSS5.9AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 7:0 p.m.18 views

CVE-2026-35063 Missing Authorization in OpenPLC_V3

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.7CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/09 6:35 p.m.16 views

CVE-2026-39912 v2board / Xboard Authentication Token Exposure via loginWithMailLink

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...

9.1CVSS0.00584EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:35 p.m.2 views

CVE-2026-39912

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...

9.1CVSS6AI score0.00584EPSS
Exploits1References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 6:35 p.m.1 views

CVE-2026-39912 v2board / Xboard Authentication Token Exposure via loginWithMailLink

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...

9.1CVSS5.9AI score0.00584EPSS
Exploits1References8
EUVD
EUVD
added 2026/04/09 6:31 p.m.3 views

EUVD-2025-209388

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

6AI score0.00138EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/09 5:35 p.m.7 views

OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement

Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement. A previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path. OpenClaw is a user-controlled local assistant. This...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/09 5:35 p.m.3 views

GHSA-5WJ5-87VQ-39XM OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement

Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement. A previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path. OpenClaw is a user-controlled local assistant. This...

7.8CVSS5.8AI score0.00131EPSS
Exploits0References5
NVD
NVD
added 2026/04/09 5:16 p.m.13 views

CVE-2026-39957

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...

4.3CVSS0.00208EPSS
Exploits1References3
NVD
NVD
added 2026/04/09 4:16 p.m.4 views

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

5.4CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 4:14 p.m.4 views

EUVD-2026-20954

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...

2.3CVSS6AI score0.00208EPSS
Exploits1References3
CVE
CVE
added 2026/04/09 4:14 p.m.14 views

CVE-2026-39957

Lychee (open-source photo manager) prior to version 7.5.4 is affected by a SQL operator-precedence bug in SharingController::listAll() that causes the orWhereNotNull('user_group_id') clause to bypass the ownership filter within the when() block. This allows any authenticated non-admin user with u...

4.3CVSS6AI score0.00208EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/09 3:35 p.m.5 views

EUVD-2026-20906

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

7.1AI score0.00597EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 3:16 p.m.10 views

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

4.3CVSS0.00148EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 2:25 p.m.20 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

0.00597EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 2:25 p.m.4 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

7.1AI score0.00597EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:22 p.m.2 views

CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

7.1AI score0.00613EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/09 11:9 a.m.196 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10CVSS7.6AI score0.97875EPSS
Exploits41
OSV
OSV
added 2026/04/09 10:16 a.m.2 views

DEBIAN-CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

9.1CVSS5.3AI score0.00274EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/09 10:16 a.m.1 views

CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

9.1CVSS5.8AI score0.00274EPSS
Exploits1References3
Rows per page
Query Builder