Lucene search
K

740 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42797

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS6AI score0.00301EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42625

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References3
NVD
NVD
added last week7 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

7.5CVSS0.00593EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 8:9 a.m.4 views

CVE-2026-48206 Apache Camel JIRA: A set of non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to drive arbitrary JIRA issue operations using the endpoint's configured credentials

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

5.3CVSS6.2AI score0.00349EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40414

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS5.8AI score0.00437EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 4:28 a.m.23 views

CVE-2026-10593

The CVE affects Zephyr’s Bluetooth LE Audio BAP unicast client. In unicast_client_ep_qos_state(), the handler writes attacker-controlled QoS fields via stream-qos with only a stream != NULL guard. stream-qos is NULL for streams codec-configured but not yet added to a unicast group, creating a win...

6.5CVSS6.1AI score0.00185EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/24 6:32 p.m.5 views

DRUPAL-CONTRIB-2026-051

This module enables you to collect feedback from your site visitors on content pages, presenting Yes/No buttons and providing dashboards for administrators to review the responses. The module doesn't sufficiently sanitize several administrator-configured response messages the "Yes response", "No...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:3 p.m.6 views

GHSA-5C3F-6486-3G7G Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES

Summary Password-reset tokens are generated using conf.Auth.ActivateCodeLives the account-activation lifetime, not conf.Auth.ResetPasswordCodeLives. The token lifetime is baked into the token itself at generation time and is re-extracted from the token at verification time, making...

6.8CVSS6.1AI score0.00202EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 4:59 p.m.4 views

CVE-2026-49260 PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References6
OSV
OSV
added 2026/06/19 2:16 p.m.1 views

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

9.3CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50974

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description The OIDC authenticator fails to validate the JWT audience aud claim when no audience is configured. In environments where a single identity provider issues tokens for multiple services, a token...

6.8CVSS5.8AI score0.00301EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/18 5:34 a.m.11 views

EUVD-2026-37847

The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...

5.3CVSS5.5AI score0.00352EPSS
Exploits0References10
CVE
CVE
added 2026/06/18 5:34 a.m.23 views

CVE-2026-12093

The CVE-2026-12093 entry concerns the WordPress Simple Membership plugin (versions up to and including 4.7.5). The root cause is missing authorization verification, enabling unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded Stripe webhook with a victim...

5.3CVSS5.5AI score0.00352EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/17 6:1 p.m.15 views

Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter

Summary Several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access control on these routes validates only whether the user may use the requested model, never which backend the...

6.3CVSS5.6AI score0.0021EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2025-69189

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

7.3CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.32 views

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

9.8CVSS0.02865EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-49063

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.33.8 Description When a shell interpreter is configured, the command allowlist can be bypassed using shell metacharacters. The system validates only the first token of user input, while the entire raw string is...

8.7CVSS6AI score0.00323EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS5.6AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder