Lucene search
K

1895 matches found

EUVD
EUVD
added 2026/06/02 12:31 a.m.16 views

EUVD-2026-33851

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2026/06/02 12:16 a.m.19 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45882

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...

6.5CVSS5.8AI score0.00276EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.13 views

PT-2026-45713

Name of the Vulnerable Software and Affected Versions Laiser Tag versions prior to 1.2.6 Description The Laiser Tag plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into executing unwanted actions. This occurs due to missing or incorrect...

4.3CVSS5.3AI score0.00131EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 11:28 p.m.12 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:28 p.m.11 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 11:28 p.m.37 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 11:28 p.m.31 views

CVE-2026-9048

The Slider Revolution WordPress plugin is affected (versions 7.0.0–7.0.14). The vulnerability arises in the slider.get.full AJAX action, enabling authenticated attackers with Contributor-level access and higher to expose sensitive data stored in slider settings. Exposed data includes raw social m...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.12 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS5.8AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45666

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 10:16 p.m.23 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 9:19 p.m.37 views

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 9:19 p.m.12 views

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS5.8AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44998

Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ affected versions not specified Description A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path can intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued AP...

6.3CVSS5.8AI score0.00172EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 4:51 p.m.19 views

CVE-2026-45296

OpenReplay before 1.26.0 exposes cross-tenant risks via the Python API app_apikey routes that trust a caller-provided projectKey after validating only the API key and existence of the projectKey. The authorization flow fails to bind the authenticated API key to the correct tenant, enabling an att...

7.7CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:51 p.m.32 views

CVE-2026-45296 OpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missing tenant binding

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several appapikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...

7.7CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.24 views

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

7.5CVSS0.00231EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 9:34 p.m.20 views

CVE-2026-44213

The CVE affects the OpenTelemetry.Exporter.Instana NuGet package. Before version 1.1.0, when INSTANA_ENDPOINT_PROXY is set, the Transport.ConfigureBackendClient() code creates an HttpClient that disables TLS certificate validation, allowing a network attacker to perform a MitM on the proxy and re...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 9:34 p.m.13 views

EUVD-2026-32014

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:34 p.m.9 views

CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder