Lucene search
+L

2640 matches found

nuclei
nuclei
added yesterday9 views

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS6.1AI score0.02002EPSS
Exploits0References3
nuclei
nuclei
added yesterday100 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS6.1AI score0.01959EPSS
Exploits0References2
nvd
nvd
added 4 days ago4 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
vulnrichment
vulnrichment
added 4 days ago4 views

CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS6.1AI score0.00203EPSS
Exploits0References1
cve
cve
added 4 days ago9 views

CVE-2026-22093

CVE-2026-22093 affects EVbee Service app (v1.4.101.00). The issue arises because the Android app performs TLS/HTTPS communication but does not validate the server certificate, enabling a man‑in‑the‑middle attacker on the network path to intercept and manipulate traffic. Additionally, the app is d...

9.5CVSS6.1AI score0.00203EPSS
Exploits0References1
cvelist
cvelist
added 4 days ago30 views

CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
osv
osv
added 6 days ago3 views

MINI-2Q8W-CM8V-7H58

Bulletin has no description...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
cvelist
cvelist
added last week32 views

CVE-2026-57574 Misskey: TOTP tokens can be reused

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...

7.4CVSS0.0034EPSS
Exploits0References4
nvd
nvd
added 2026/07/06 10:16 p.m.8 views

CVE-2026-43927

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS0.0022EPSS
Exploits0References1
nvd
nvd
added 2026/07/06 10:16 p.m.8 views

CVE-2026-43925

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS0.00298EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/06 9:41 p.m.36 views

CVE-2026-43925 FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized promo code use

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS0.00298EPSS
Exploits0References1
cve
cve
added 2026/07/06 9:41 p.m.11 views

CVE-2026-43925

FOSSBilling (open-source billing/client management) contains an unauthenticated mass assignment vulnerability in the client self-registration endpoint, prior to version 0.8.0. An attacker can assign themselves to an arbitrary client group during sign-up, potentially bypassing group-restricted pro...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/06 9:41 p.m.7 views

CVE-2026-43925

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/06 9:41 p.m.4 views

CVE-2026-43925 FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized promo code use

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/06 8:36 p.m.35 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS0.00153EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/07/06 8:36 p.m.8 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
osv
osv
added 2026/07/06 8:36 p.m.4 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References6
euvd
euvd
added 2026/07/06 7:27 p.m.6 views

EUVD-2026-24965

chmod: recursive mode returns exit code 0 even when some files fail last-file-wins...

5.5CVSS6AI score0.00143EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.6 views

PT-2026-56030

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description An unauthenticated mass assignment issue exists in the client self-registration endpoint. This allows a visitor to assign themselves to an arbitrary client group during the sign-up process. Since...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.13 views

PT-2026-56031

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A race condition in the cart checkout flow allows an authenticated client to apply a promo code more times than its configured maximum limit. By sending concurrent checkout requests before the...

6.9CVSS6AI score0.0022EPSS
Exploits0References5
Rows per page
Query Builder