Lucene search
K

2910 matches found

CVE
CVE
added yesterday21 views

CVE-2026-48758

CVE-2026-48758 affects sigstore-js with a flaw in the preAuthEncoding function in @sigstore/core: it uses Node.js ASCII encoding when converting PAE strings to bytes, allowing payloadType to be mutated after signing without invalidating the DSSE signature. The issue is fixed in @sigstore/core ver...

5.4CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday31 views

CVE-2026-45077

CVE-2026-45077 concerns Symfony’s server:log listener (part of Symfony\Bridge\Monolog) which binds to 0.0.0.0:9911 by default and processes each frame with unserialize(base64_decode($message)) without authentication or an allowed-classes allowlist. This permits any reachable host to submit attack...

8.3CVSS6.1AI score0.01261EPSS
Exploits0References6
CVE
CVE
added yesterday10 views

CVE-2026-52841

Easy!Appointments before 1.6.0 is vulnerable to an Authorization bypass in Google OAuth provider binding. The issue: in Google::oauth (application/controllers/Google.php:278), the provider_id supplied in the request is stored in the session and oauth_callback saves the Google OAuth token against ...

3.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday14 views

CVE-2026-12988 WP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email Binding

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

0.00171EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43568

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS6.2AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-56241

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS0.00211EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43224

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 3 days ago16 views

CVE-2026-56241

Capgo (pre-12.128.2) contains a privilege-escalation vulnerability where demoted super_admin users retain access to RPCs delete_non_compliant_bundles and count_non_compliant_bundles due to a stale org_users.user_right value not being cleared when a role binding is deleted. This allows an attacker...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

7CVSS0.00349EPSS
Exploits1References6
OSV
OSV
added 5 days ago2 views

CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

7CVSS6.1AI score0.00349EPSS
Exploits1References8
NVD
NVD
added 5 days ago7 views

CVE-2026-55478

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.4CVSS0.00175EPSS
Exploits0References3
Metasploit
Metasploit
added 5 days ago15 views

FTP Fetch, Linux x64 Command Shell, Bind TCP Inline (IPv6)

Fetch and execute an x64 payload from an FTP server. Listen for an IPv6 connection and spawn a command shell Module Options msf use payload/cmd/linux/ftp/x64/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf payloadshellbindipv6tcp...

6.2AI score
Exploits0
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42986

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References3
CVE
CVE
added 5 days ago31 views

CVE-2026-55672

Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
OSV
OSV
added 5 days ago2 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References7
NVD
NVD
added 5 days ago6 views

CVE-2026-12597

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...

8.1CVSS0.00422EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57261

Name of the Vulnerable Software and Affected Versions Prowler versions prior to 5.30.3 Description The SAML authentication flow trusts the email domain asserted in a SAMLResponse to determine the recipient tenant of the final token. Additionally, the ACS finish logic in the endpoint...

9.6CVSS6.1AI score0.00296EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57269

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description An authorization flaw exists in the IT asset and license management system. The endpoint "/api/v1/kits/kit id/licenses" verifies if the user has permissions to edit kits but fails to authorize acces...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References9
Rows per page
Query Builder