Lucene search
+L

408 matches found

Vulnrichment
Vulnrichment
added 2026/05/22 8:48 p.m.12 views

CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS5.8AI score0.00398EPSS
Exploits0References11
NVD
NVD
added 2026/05/19 2:16 p.m.25 views

CVE-2026-42098

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...

8.7CVSS0.00401EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 8:26 p.m.13 views

GHSA-8JJP-R2W2-4V22 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption

Summary Any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/taskid methods. This allows a casual user to disrupt system-wide chat usage by continuously canceling...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of basic authorization tokens for authentication. This vulnerability may lead to credentials being intercepted or abused...

3CVSS5.8AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 2026/05/10 12:43 p.m.20 views

CVE-2021-47931

Exponent CMS 2.6 is affected by a stored cross-site scripting (XSS) vulnerability in the text editing endpoint, exploitable via Title and Text Block parameters. Attackers with authentication can inject scripts (e.g., iframe payloads with embedded SVG onload events) to run arbitrary JavaScript. Th...

6.4CVSS5.9AI score0.00213EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 3:35 a.m.11 views

EUVD-2026-28507

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

8.8CVSS6AI score0.80188EPSS
Exploits2References2
EUVD
EUVD
added 2026/04/28 9:15 p.m.6 views

EUVD-2026-26142

Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...

9.2CVSS5.6AI score0.00433EPSS
Exploits0References1
CVE
CVE
added 2026/04/28 9:15 p.m.27 views

CVE-2026-41446

The affected product is the Snap One WattBox 800 and 820 series running firmware

9.8CVSS5.6AI score0.00433EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

Yadea T5 Electric Bicycles 安全漏洞

Yadea T5 Electric Bicycles is a lightweight electric bicycle designed for urban commuting by Yadea Company. The Yadea T5 Electric Bicycles have a security vulnerability, which stems from a weak authentication mechanism in the keyless entry system. By using the fixed code RF protocol, local...

7.3CVSS5.9AI score0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.9 views

PT-2026-34802

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...

9.2CVSS5.7AI score0.00518EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/22 9:31 a.m.8 views

EUVD-2026-24688

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

6.5CVSS5.8AI score0.00814EPSS
Exploits0References8
RubySec
RubySec
added 2026/04/22 12:0 a.m.9 views

OpenC3 COSMOS - Hijacked session token can be used to reset password for persistence

Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...

8.1CVSS5.8AI score0.00305EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/19 12:0 a.m.9 views

SuperAGI 安全漏洞

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from operations on the file...

7.5CVSS7.2AI score0.00391EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 11:16 p.m.5 views

CVE-2026-40259

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

8.1CVSS0.004EPSS
Exploits1References2
NVD
NVD
added 2026/04/14 9:16 a.m.9 views

CVE-2026-24032

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...

7.3CVSS0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 8:40 a.m.5 views

CVE-2026-24032

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...

7.3CVSS5.8AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 8:40 a.m.4 views

CVE-2026-24032

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...

7.3CVSS5.8AI score0.00251EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 6:19 a.m.3 views

CVE-2026-1114 Improper Access Control via Weak JWT Token in parisneo/lollms

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.2AI score0.0054EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/26 9:42 p.m.10 views

User Impersonation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation via the gateway.trustedProxies process. An attacker can impersonate the client origin by sending spoofed loopback hops in forwarding headers, which may weaken downstrea...

6.5CVSS5.9AI score0.00314EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/22 12:15 p.m.4 views

CVE-2026-4115

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

6.3CVSS5.1AI score0.00534EPSS
Exploits1References8
Rows per page
Query Builder