Lucene search
K

61552 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-58299

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS0.00276EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

9.1CVSS0.00166EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41572

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-58299

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00276EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

5.9AI score0.00166EPSS
Exploits0References5
CVE
CVE
added 5 days ago57 views

CVE-2026-22555

CVE-2026-22555 affects Gitea before 1.26.0. The vulnerability arises because the API endpoint POST /api/v1/repos/{owner}/{repo}/forks does not enforce CanCreateOrgRepo for organization forks, only IsOrgMember, enabling a user in a read-only team to create an org-repo fork. The fork creator gains ...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 5 days ago6 views

Microsoft Edge for Android Remote Code Execution Vulnerability

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00276EPSS
Exploits0
Nuclei
Nuclei
added 5 days ago1413 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5CVSS6AI score0.47595EPSS
Exploits1References3
Nuclei
Nuclei
added 5 days ago10 views

Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass

IKEv1 key exchange contains a broken authentication caused by logic flow weakness in Remote Access and Mobile Access certificate validation, letting unauthenticated remote attackers bypass user authentication and establish VPN connections without valid passwords, exploit requires use of deprecate...

9.3CVSS7.4AI score0.70099EPSS
Exploits5References3
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-59234 Authorization Bypass Through User-Controlled Key in Prospero Flow CRM calendar event deletion

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9CVSS0.00403EPSS
Exploits0References3
CVE
CVE
added 5 days ago11 views

CVE-2026-59234

This CVE affects Prospero Flow CRM prior to version 5.5.3. The vulnerability lies in the CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at the GET endpoint /calendar/event/delete/{id} . The delete logic uses Calendar::find($id)->delete(...

6.9CVSS6AI score0.00403EPSS
Exploits0References3
NVD
NVD
added 5 days ago10 views

CVE-2026-4967

In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed...

7.5CVSS0.00403EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-9180

The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.4.4. This is due to the POST /motopress/appointment/v1/bookings REST endpoint being registered with 'permissioncallback' = 'returntrue',...

5.3CVSS0.00342EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-4967

In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed...

7.5CVSS0.00403EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41496

In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed...

7.5CVSS6.2AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-4967

In IMS, this CVE-2026-4967 describes a possible out-of-bounds read caused by a missing bounds check, which could lead to remote denial of service without extra privileges. The NVD and CVE records confirm the issue and provide a CVSSv3.1 base score of 7.5 (HIGH) with network attack vector and no u...

7.5CVSS6AI score0.00403EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-4967

In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed...

7.5CVSS6.2AI score0.00403EPSS
Exploits0References2
CVE
CVE
added 5 days ago16 views

CVE-2026-9180

MotoPress Appointment Booking for WordPress (versions up to 2.4.4) is vulnerable to an Authorization Bypass via a user-controlled booking_id. The REST endpoint POST /motopress/appointment/v1/bookings is registered with a permissive permission_callback (return_true ), and createBooking() loads the...

5.3CVSS5.7AI score0.00342EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-14352 AR for WooCommerce <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read via 'file' Parameter

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-14352

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References8
Rows per page
Query Builder