Lucene search
K

162702 matches found

EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43628

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.1AI score
Exploits0References1
CVE
CVE
added 3 hours ago7 views

CVE-2026-12988

CVE-2026-12988 affects the WP 2FA WordPress plugin prior to 3.1.1.2. The root cause is that the plugin does not verify that the email address used during the two-factor authentication setup belongs to the user. As a result, an attacker who has a user’s credentials can redirect the setup verificat...

6.1AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added yesterday14 views

Blitz Identity Provider (Authentication server)

...

5.8AI score
Exploits0
CVE
CVE
added yesterday14 views

CVE-2026-59245

The CVE affects Apache Airflow FAB provider: FAB auth manager. A DAG with dag_id/DAGs collides with the global all-DAGs permission name produced by resource_name(), causing a per-DAG access_control grant on that DAG to silently confer the global all-DAGs permission. This yields privilege escalati...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday10 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-10845, CVE-2026-8646, CVE-2026-9320, CVE-2026-9071 and CVE-2026-9006)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...

9.1CVSS5.5AI score0.00338EPSS
Exploits0Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-57786

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57697

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00477EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57698

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00356EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-15557

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-43299

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

7.5CVSS6.5AI score0.00403EPSS
Exploits0References8
CVE
CVE
added yesterday8 views

CVE-2026-15557

CVE-2026-15557 affects waooAI waoowaoo up to version 0.4.1. The vulnerability resides in the Internal Task Header Handler’s API-auth logic (functions getInternalTaskSession, getAuthSession, requireUserAuth, requireProjectAuth, requireProjectAuthLight in src/lib/api-auth.ts). Malicious manipulatio...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15557 waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-22099

CVE-2026-22099 affects a charging station where Bluetooth commands do not require authentication. This leads to exposure of sensitive information, potential reboot triggering, and the ability to push a firmware update URL via Bluetooth. The issue is described with high impact on confidentiality, ...

8.7CVSS6.1AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-22099 Missing authentication for Bluetooth communication

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-22096

CVE-2026-22096 concerns a webserver running on port 8090 that does not require authentication, enabling sensitive information leakage (e.g., configured passwords) and file uploads via multiple endpoints. The Connected documents provide the same description across NVD and CVE records, with no vend...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-22096 Missing authentication for webserver endpoints

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-57786

CVE-2026-57786 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WorkScout-Core (purethemes WorkScout-Core) that allows authentication bypass. Affected versions are WorkScout-Core up to and including 1.7.08. The connected sources (NVD and CVE records) confirm the...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57786 WordPress WorkScout-Core plugin <= 1.7.08 - Cross Site Request Forgery (CSRF) to Broken Authentication vulnerability

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS0.00231EPSS
Exploits0References1
Rows per page
Query Builder