Lucene search
+L

2512 matches found

Nuclei
Nuclei
added 9 hours ago36 views

Podcast Channels < 0.28 - Cross-Site Scripting

The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...

6.1CVSS5.8AI score0.03779EPSS
Exploits1References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-44916

HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during authentication, which could allow a remote attacker to intercept network traffic and capture sensitive...

3CVSS6.2AI score
Exploits0References1
CVE
CVE
added 2 days ago25 views

CVE-2026-52887

NocoBase before version 2.0.61 is affected by CVE-2026-52887 due to a SQL injection in the in-app notification plugin. The flaw occurs in GET /api/myInAppChannels:list where filter[latestMsgReceiveTimestamp][$lt] is interpolated into a Sequelize.literal() without escaping or parameter binding, en...

10CVSS6.2AI score0.00593EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43311

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-10103

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...

4.3CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-10085

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-10106 Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS0.00174EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-10103

Mattermost versions affected: 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) have a flaw in the shared channel inbound sync handler that fails to verify post ownership. This allows an authenticated remote cluster to modify or delete posts authored by local users or oth...

4.3CVSS6.2AI score0.00145EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-10103 Authenticated remote cluster can modify or delete posts it does not own in Mattermost Connected Workspaces shared channels

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...

4.3CVSS0.00145EPSS
Exploits0References1
Circl
Circl
added 5 days ago9 views

CVE-2024-1065

creationtimestamp| type| source ---|---|--- 2026-07-12 06:00:04+00:00| published-proof-of-concept| https://t.me/cKure/16512 2026-07-12 07:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/88211 2026-07-13 00:00:49+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/882...

5.9CVSS6.4AI score0.0021EPSS
Exploits0References2
CVE
CVE
added last week16 views

CVE-2026-57215

RabbitMQ vulnerability CVE-2026-57215 affects the broker’s binding logic for amq.rabbitmq.reply-to destinations. Before fixes, volatile direct-reply-to queues could be bound and routed even if not properly checked by Khepri-backed deletion checks, leaving persistent route entries after unbind. Af...

8.8CVSS6.1AI score0.00349EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added last week32 views

CVE-2026-55671 ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 4:57 p.m.33 views

CVE-2026-59215 Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS0.00255EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 4:57 p.m.5 views

CVE-2026-59215 Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS6.1AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.7 views

PT-2026-57043

Name of the Vulnerable Software and Affected Versions rattler cache affected versions not specified py-rattler affected versions not specified Description These components are susceptible to package-cache path traversal when processing package metadata from conda channels. During cache...

5.4CVSS6.1AI score0.00033EPSS
Exploits0References7
NVD
NVD
added 2026/07/07 4:16 p.m.9 views

CVE-2026-56811

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS0.0042EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/07 3:9 p.m.5 views

EUVD-2026-42049

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References7
CVE
CVE
added 2026/07/07 3:9 p.m.17 views

CVE-2026-56811

The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/07 3:9 p.m.7 views

EEF-CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll...

8.7CVSS6AI score0.0042EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/07 3:9 p.m.34 views

CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS0.0042EPSS
Exploits0References7
Rows per page
Query Builder