Lucene search
+L

4989 matches found

Cvelist
Cvelist
added 2026/07/11 3:44 a.m.32 views

CVE-2026-6803 AI Chatbot & Workflow Automation by AIWU <= 1.4.12 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via AJAX Actions 'removeGroup' and 'clear'

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...

5.3CVSS0.00297EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/11 12:31 a.m.8 views

EUVD-2026-43090

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

6.1AI score0.00392EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43093

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

6.1AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43089

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

6.1AI score0.00414EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 11:16 p.m.7 views

CVE-2026-15087

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

5.9CVSS0.00392EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 11:16 p.m.6 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:58 p.m.17 views

CVE-2026-11915

The CVE-2026-11915 entry concerns Drupal Brute force attack protection where a vulnerability exists in the Brute force attack protection module affecting versions . . The NVD/NVDC and related records describe the issue as a vulnerability in the Drupal brute-force protection mechanism with impact ...

5.9CVSS6.1AI score0.00192EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.27 views

FTP Fetch, Windows Command Shell, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source:...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.25 views

FTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.26 views

FTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...

5.5AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.30 views

FTP Fetch, Windows Upload/Execute, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source:...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.24 views

FTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.30 views

FTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.34 views

FTP Fetch, Windows shellcode stage, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.25 views

FTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2026/07/10 4:48 p.m.32 views

CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS0.00112EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 3:16 p.m.7 views

CVE-2026-56765

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/10 1:57 p.m.30 views

CVE-2026-56765 Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/10 7:48 a.m.32 views

CVE-2026-11992 Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
Rows per page
Query Builder