Lucene search
K

71117 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 4:54 p.m.12 views

CVE-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/15 4:39 p.m.16 views

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...

8.8CVSS6AI score0.00739EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2026/06/15 4:0 p.m.12 views

What Changed in OWASP Top 10 2025 and Recommendations for Each Category

Key Takeaways 1. The 2025 list introduces two new categories – Software Supply Chain Failures A03 and Mishandling of Exceptional Conditions A10 - reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...

5.9AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/06/15 3:34 p.m.4 views

Security update for kubevirt-1.6

This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent:...

9.9CVSS6.4AI score0.01557EPSS
Exploits3References28
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2026-5230

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2025-64215

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 1:3 p.m.7 views

EUVD-2025-210138

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 1:3 p.m.34 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 1:3 p.m.18 views

CVE-2025-64215

CVE-2025-64215 affects WordPress MasterStudy LMS Pro (StylemixThemes) prior to 4.7.16. The issue is a Missing Authorization vulnerability causing Broken Access Control by allowing access to functionality not properly constrained by ACLs. The publicly cited source (Patchstack) lists the vulnerabil...

6.5CVSS5.3AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 1:3 p.m.7 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:23 p.m.10 views

CVE-2026-5230

CVE-2026-5230 concerns Mia Technologies’ Pizzy Library, with an improper access control vulnerability affecting 1.0.0.26250 through before 1.3.9.26250. The CVSS 3.1 base metrics indicate a Network attack vector, Low attack complexity, Low privileges required, No user interaction, Unchanged scope,...

7.1CVSS5.3AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:23 p.m.33 views

CVE-2026-5230 Improper Access Control in Mia Technologies' Pizzy Library

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 12:16 p.m.9 views

CVE-2026-34023

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket...

7.1CVSS0.00335EPSS
Exploits1References3
NVD
NVD
added 2026/06/15 12:16 p.m.11 views

CVE-2026-34024

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS0.00304EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 12:12 p.m.5 views

USN-8405-2 cups regression

USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during...

6.3AI score
Exploits0References2
NVD
NVD
added 2026/06/15 10:16 a.m.11 views

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 10:3 a.m.32 views

CVE-2026-34024 Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS0.00304EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/15 10:3 a.m.7 views

CVE-2026-34024 Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS5.4AI score0.00304EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:3 a.m.9 views

EUVD-2026-36707

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS5.5AI score0.00304EPSS
Exploits1References2
CVE
CVE
added 2026/06/15 10:3 a.m.17 views

CVE-2026-34024

The CVE-2026-34024 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The underling issue is missing authorization checks on multiple web endpoints, allowing an authenticated attacker with low privileges to access endpoints not visible in the frontend but directly ...

8.6CVSS5.5AI score0.00304EPSS
Exploits1References2
Rows per page
Query Builder