Lucene search
K

71101 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.4 views

Fedora 43 : python-django5 (2026-f140cb16b6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f140cb16b6 advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.12 views

PT-2026-49146

Name of the Vulnerable Software and Affected Versions Moovit Bus & Public Transit App version 1.18 Description A flaw in the com.tranzmate component of the Android application allows for improper authorization within the handler for custom URL schemes. This issue requires local execution to...

5.3CVSS5.8AI score0.00105EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2347-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2347-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improp...

9.1CVSS6.5AI score0.01557EPSS
Exploits1References4
NVD
NVD
added 2026/06/13 10:16 a.m.12 views

CVE-2026-1291

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

4.3CVSS0.00214EPSS
Exploits0References6
OSV
OSV
added 2026/06/13 8:58 a.m.12 views

BIT-GITLAB-2026-6269 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...

5.4CVSS5.3AI score0.00187EPSS
Exploits0References4
OSV
OSV
added 2026/06/13 8:58 a.m.14 views

BIT-GITLAB-2026-3553 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...

3.1CVSS5.4AI score0.00236EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/13 8:29 a.m.7 views

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00214EPSS
Exploits0References6
NVD
NVD
added 2026/06/13 8:16 a.m.18 views

CVE-2026-2470

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...

4.3CVSS0.00204EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/13 7:51 a.m.26 views

CVE-2026-2470 Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...

4.3CVSS0.00204EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/13 7:51 a.m.7 views

CVE-2026-2470 Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...

4.3CVSS5.4AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 7:51 a.m.13 views

EUVD-2026-36647

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...

5.3CVSS5.4AI score0.00297EPSS
Exploits0References2
CVE
CVE
added 2026/06/13 7:51 a.m.23 views

CVE-2026-2470

The CVE concerns the WordPress Page Builder: Pagelayer plugin (

4.3CVSS5.5AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36603

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36621

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...

7.7CVSS5.2AI score0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36622

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36616

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...

8.8CVSS5.5AI score0.00267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.14 views

PT-2026-49084

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions prior to 2.1.0 Description Incorrect Authorization exists in the Page Builder: Pagelayer plugin. The pagelayer save content AJAX handler allows users with basic post-edit capabilities to persist pagelayer conta...

4.3CVSS5.4AI score0.00204EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/06/12 11:53 p.m.68 views

kiro-cybersecurity-skills

CyberSecurity Skills A collection of 15 security workflows co...

5.5AI score
Exploits0
Mageia
Mageia
added 2026/06/12 11:28 p.m.11 views

Updated cups packages fix security vulnerabilities

CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in ppdCreateFromIPP causes root cupsd crash via negative job-password-supported CVE-2026-39316, Use-after-free in cupsdDeleteTemporaryPrinters via dangling subscription pointer...

7.8CVSS5.7AI score0.00502EPSS
Exploits7References11
OSV
OSV
added 2026/06/12 11:28 p.m.10 views

MGASA-2026-0201 Updated cups packages fix security vulnerabilities

CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in ppdCreateFromIPP causes root cupsd crash via negative job-password-supported CVE-2026-39316, Use-after-free in cupsdDeleteTemporaryPrinters via dangling subscription pointer...

7.8CVSS5.7AI score0.00502EPSS
Exploits7References12
Rows per page
Query Builder