Lucene search
K

33550 matches found

EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-43596

SAP Change and Transport System Attach Tool ctsattach allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger insecure deserialization and lead to remote code execution RCE on the system. Successful exploitation...

7.6CVSS6.6AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43284

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS6.1AI score0.00132EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-11963

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS0.00132EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday18 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...

9.8CVSS7AI score0.06441EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday53 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS6.1AI score0.73635EPSS
Exploits11References5
Nuclei
Nuclei
added yesterday10 views

LG LED Assistant - Unauthenticated Password Reset

The /api/changePw endpoint in LG LED Assistant allows unauthenticated password resets when requests are considered to come from localhost. An attacker can spoof the X-Forwarded-For header with value 127.0.0.1 to trigger the behavior and receive a success response. id: CVE-2024-2862 info: name: LG...

9.8CVSS6.1AI score0.51001EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday8 views

LatePoint <= 5.0.11 - SQL Injection

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.8CVSS6.1AI score0.02823EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday33 views

ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API

changedetection.io = 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction id: CVE-2025-62780 info: name: ChangeDetection.i...

5.4CVSS6AI score0.00441EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday59 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS7.2AI score0.02145EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday138 views

WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...

6.1CVSS6.5AI score0.10358EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday25 views

WordPress Automatic Plugin - Unauthenticated Options Change

WordPress Automatic Plugin versions 3.53.2 and below contains a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the processform.php script. The vulnerable script uses updateoption on all POST parameters without authentication or capability...

9.8CVSS7.1AI score0.16408EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.8CVSS6.8AI score0.00165EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added yesterday3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.2AI score0.00132EPSS
Exploits0References7
OSV
OSV
added 2 days ago4 views

CVE-2026-56308 Capgo - Insufficient Authentication in Email Change Endpoint

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References4
CVE
CVE
added 2 days ago14 views

CVE-2026-56308

Capgo before 12.128.2 contains an insufficient authentication flaw in the email-change endpoint: an attacker with a valid session cookie or authenticated browser can change the account email without re-authenticating the current password or verifying the existing mailbox. This can enable control ...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43230

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-15479

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43201

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References5
CVE
CVE
added 2 days ago9 views

CVE-2026-15479

The vulnerability CVE-2026-15479 affects H3C NX15 V100R017. The vulnerable component is the Administrator Password Modification Endpoint, specifically the change_passwd function at /api/login/modify. Manipulating the newPass parameter results in weak password recovery. The issue can be exploited ...

7.5CVSS6.6AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-57524

Name of the Vulnerable Software and Affected Versions H3C NX15 version V100R017 Description A flaw exists in the Administrator Password Modification Endpoint within the change passwd function of the '/api/login/modify' endpoint. Remote manipulation of the newPass argument can lead to weak passwor...

7.5CVSS7AI score0.00278EPSS
Exploits0References8
Rows per page
Query Builder