Lucene search
K

1706 matches found

CVE
CVE
added yesterday9 views

CVE-2026-15753

CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...

5.5CVSS5.9AI score
Exploits0References7
CVE
CVE
added yesterday7 views

CVE-2026-15625

The vulnerability CVE-2026-15625 affects nextlevelbuilder GoClaw 3.11.3. It targets the function ExecApprovalManager.CheckCommand in internal/tools/exec_approval.go, causing an incomplete blacklist. This enables a remote attack and has a publicly available exploit, with PoC maturity. Impact metri...

6.5CVSS6.4AI score0.0028EPSS
Exploits0References12
EUVD
EUVD
added yesterday5 views

EUVD-2026-43568

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS6.2AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2946 PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Summary The approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely...

5.5CVSS6.3AI score0.00116EPSS
Exploits0References7
PyPA
PyPA
added 2 days ago6 views

PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

SummaryThe approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely. Combin...

6.8CVSS6.3AI score0.00116EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-12396 WP Job Portal < 2.5.5 - Subscriber+ Arbitrary Job Approval, Featuring and Rejection

The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level self-registerable account to approve, feature, or reject arbitrary jobs, including those owned by other user...

0.0017EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-6939

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approvalcode' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS0.00324EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-6939 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Stored Cross-Site Scripting via 'approval_code' Parameter

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approvalcode' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS0.00324EPSS
Exploits0References11
CVE
CVE
added 4 days ago23 views

CVE-2026-6939

The CVE-2026-6939 entry concerns the CorvusPay WooCommerce Payment Gateway for WordPress. It is vulnerable to Unauthenticated Stored Cross-Site Scripting via the approval_code parameter in all versions up to 2.7.4 due to insufficient input sanitization and output escaping. An unauthenticated REST...

7.2CVSS6.2AI score0.00324EPSS
Exploits0References11
CVE
CVE
added 4 days ago11 views

CVE-2026-7559

Technical details beyond what is in the Initial Description are not publicly provided in the connected documents. Monitor for updates to affected versions, remediation status, and exploit information.

4.3CVSS6.1AI score0.00304EPSS
Exploits0References12
NVD
NVD
added 5 days ago7 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 5 days ago8 views

CVE-2026-39903

The CVE concerns Simple Machines Forum (SMF) 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5. A single-character operator error in Sources/Actions/AttachmentApprove.php causes the permission check to always pass, enabling an authenticated low-privilege user to approve, reject, or delete any pendi...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42941

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References6Affected Software1
OSV
OSV
added 5 days ago1 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS0.00333EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.8 views

CVE-2026-58424

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58424

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References5
Rows per page
Query Builder