Lucene search
K

206 matches found

OSV
OSV
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1200 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)

Summary Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header for example, bork or cnf that strict verifiers reject but Authlib accepts. In...

7.5CVSS6AI score0.00244EPSS
Exploits1References7
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56257

Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...

7.1CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.10 views

CVE-2026-56257

Capgo (CVE-2026-56257) before 12.128.2 allows an authorization bypass via PostgREST that patches public.apps.owner_org directly, bypassing the transfer_app() workflow and causing split-brain ownership. An attacker can update apps.owner_org while leaving app_versions.owner_org unchanged, allowing ...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38744

Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3995

The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...

4.4CVSS5.7AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4091

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS5.4AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 p.m.4 views

EUVD-2026-22870

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS5.6AI score0.00211EPSS
Exploits0References10
NVD
NVD
added 2026/04/16 7:16 a.m.6 views

CVE-2026-3995

The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...

4.4CVSS0.00345EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:44 a.m.5 views

CVE-2026-3995

The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...

4.4CVSS5.9AI score0.00345EPSS
Exploits0References10
CVE
CVE
added 2026/04/16 6:44 a.m.12 views

CVE-2026-3995

CVE-2026-3995 concerns the OPEN-BRAIN WordPress plugin (versions up to 0.5.0). The vulnerability arises in the API Key settings field, where insufficient input sanitization and output escaping allow an authenticated Administrator to inject stored cross-site scripting payloads. Specifically, sanit...

4.4CVSS5.9AI score0.00345EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/16 6:44 a.m.3 views

CVE-2026-3995 OPEN-BRAIN <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting

The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...

4.4CVSS5.9AI score0.00345EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/16 6:44 a.m.28 views

CVE-2026-3995 OPEN-BRAIN <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting

The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...

4.4CVSS0.00345EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/04/16 12:47 a.m.6 views

WordPress OPEN-BRAIN plugin <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'API Key' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin OPEN-BRAIN versions = 0.5.0...

4.4CVSS5.8AI score0.00345EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.9 views

PT-2026-33279

Name of the Vulnerable Software and Affected Versions OPEN-BRAIN plugin for WordPress versions prior to 0.5.1 Description Stored Cross-Site Scripting occurs via the 'API Key' settings field due to insufficient input sanitization and output escaping. The plugin utilizes the sanitize text field...

4.4CVSS5.4AI score0.00345EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.12 views

WordPress plugin OPEN-BRAIN 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS5.7AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 9:16 a.m.5 views

CVE-2026-4091

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS0.00211EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:28 a.m.2 views

CVE-2026-4091

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS5.6AI score0.00211EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/15 8:28 a.m.32 views

CVE-2026-4091 OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS0.00211EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/15 8:28 a.m.2 views

CVE-2026-4091 OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS5.6AI score0.00211EPSS
Exploits0References9
CVE
CVE
added 2026/04/15 8:28 a.m.10 views

CVE-2026-4091

The CVE concerns the WordPress OPEN-BRAIN plugin

6.1CVSS5.6AI score0.00211EPSS
Exploits0References9
Rows per page
Query Builder