Lucene search
K

87131 matches found

NVD
NVD
added 2026/04/23 3:37 p.m.6 views

CVE-2026-41460

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

9.8CVSS0.00972EPSS
Exploits2References5
EUVD
EUVD
added 2026/04/23 3:35 p.m.4 views

EUVD-2025-5343

Cross-Site Request Forgery CSRF vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3...

4.3CVSS7.3AI score0.0016EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/23 3:7 p.m.6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the options/set endpoint. An attacker can set rc.NoAuth=true and override default AuthRequired: true which can lead to unauthorized access to sensitive administrative functionality,...

9.8CVSS5.7AI score0.34734EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/23 3:7 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the options/set endpoint. An attacker can set rc.NoAuth=true and override default AuthRequired: true which can lead to unauthorized access to sensitive administrative functionality,...

9.8CVSS5.7AI score0.34734EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/23 3:7 p.m.7 views

Missing Authorization

Overview @paperclipai/ui is a Prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to Missing Authorization via import flow. An attacker can gain remote code execution using company creation endpoint that improperly checks for admin rights in authenticated mode...

10CVSS6.5AI score0.01972EPSS
Exploits4References2
CVE
CVE
added 2026/04/23 2:56 p.m.10 views

CVE-2026-40471

CVE-2026-40471 affects the Hackage hackage-server where CSRF protection was lacking across endpoints. This could allow forged requests from scripts on foreign sites to abuse latent credentials, potentially uploading packages or performing administrative actions, with some unauthenticated actions ...

9.6CVSS5.8AI score0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 2:56 p.m.3 views

CVE-2026-40471

hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abus...

9.6CVSS5.8AI score0.00137EPSS
Exploits0References2
OSV
OSV
added 2026/04/23 2:17 p.m.3 views

GHSA-2WVH-87G2-89HR OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool

Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...

9.6CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/23 2:17 p.m.10 views

OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool

Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...

5.9AI score
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/23 1:44 p.m.24 views

CVE-2026-41460

CVE-2026-41460 (SocialEngine) affects SocialEngine versions 7.8.0 and earlier, with a SQL injection in the /activity/index/get-memberall endpoint. User input passed via the text parameter is not sanitized before being used in a SQL query. An unauthenticated remote attacker can read arbitrary data...

9.8CVSS6.3AI score0.00972EPSS
Exploits2References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 1:44 p.m.3 views

CVE-2026-41460

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

9.8CVSS6.3AI score0.00972EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/04/23 1:44 p.m.2 views

CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

9.8CVSS6.5AI score0.00972EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/04/23 1:44 p.m.36 views

CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

9.8CVSS0.00972EPSS
Exploits2References3
NVD
NVD
added 2026/04/23 7:16 a.m.7 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS0.00144EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 6:17 a.m.30 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS0.00144EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:17 a.m.5 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS6AI score0.00144EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 6:17 a.m.3 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS7.3AI score0.00144EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 6:17 a.m.24 views

CVE-2026-34488

Technical details beyond the high-level description are not publicly available in the provided documents. Monitor for updates from the listed references for affected products, vulnerable components, and remediation guidance.

7.3CVSS6AI score0.00144EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 6:0 a.m.29 views

CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 4:15 a.m.4 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.7AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder