Lucene search
K

12761 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49322

Name of the Vulnerable Software and Affected Versions impworks Bonsai version 6.0 Description Incorrect access control allows authenticated attackers with Editor privileges to escalate their privileges to Administrator. This can lead to unauthorized changes to accounts, passwords, and system...

8.1CVSS5.9AI score0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/13 8:29 a.m.8 views

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00214EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.27 views

PT-2026-49087

Name of the Vulnerable Software and Affected Versions Canvas plugin for WordPress versions prior to 2.5.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References12
NVD
NVD
added 2026/06/12 7:16 a.m.16 views

CVE-2026-12059

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS0.0045EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:30 a.m.13 views

EUVD-2026-36389

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS5.5AI score0.0045EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:30 a.m.36 views

CVE-2026-12059 Cellopoint|CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS0.0045EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:30 a.m.8 views

CVE-2026-12059 Cellopoint|CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS5.5AI score0.0045EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48842

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths...

5.3CVSS5.4AI score0.00288EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 6:19 p.m.14 views

CVE-2026-45178

CVE-2026-45178 affects Idira Secrets Manager Self-Hosted up to version 13.8.0, where improper access control exists in internal cluster endpoints. A remote, authenticated attacker with standard node-level credentials could exploit these endpoints to retrieve unauthorized secrets or trigger a deni...

8.4CVSS5.5AI score0.00361EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/11 2:47 p.m.11 views

EUVD-2026-36254

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

IBM Langflow Desktop 代码问题漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.9.2 of IBM Langflow Desktop have code vulnerabilities. These vulnerabilities are due to susceptibility to server-side request forgeing attacks, which may allow authenticated attackers ...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 7:50 a.m.15 views

EUVD-2026-35995

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.3AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

6.4CVSS5.1AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

TP-LINK Archer 操作系统命令注入漏洞

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. The TP-LINK Archer has a vulnerability related to operating system command injection, which stems from improper filtering of special characters in the VPN module. This vulnerability may allow adjacent, authenticated attackers ...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48393

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 7:17 p.m.13 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

8.1CVSS0.00248EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/09 6:40 p.m.13 views

Flaws hidden in Microsoft Dynamics

Microsoft has identified a vulnerability in Dynamics on-premise. A malicious individual could exploit this vulnerability to gain increased privileges on the system. It is possible for a malicious person to gain privileges as a System Administrator. For successful exploitation, the malicious...

8.8CVSS5.5AI score0.0063EPSS
Exploits0
EUVD
EUVD
added 2026/06/09 6:31 p.m.12 views

EUVD-2026-35704

Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...

7.7CVSS5.5AI score0.00421EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 4:46 p.m.93 views

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS0.00945EPSS
Exploits0References4
Rows per page
Query Builder