Lucene search
K

1755 matches found

RedHat Linux
RedHat Linux
added 2026/06/02 10:15 p.m.12 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
Wired Threat Level
Wired Threat Level
added 2026/06/02 6:0 p.m.31 views

Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling

Available for Android 12 and later, the anti-scam feature is baked into Google Dialer, which sends a silent “confirmation signal” to ensure whoever’s calling you is who they appear to be...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/01 2:24 p.m.16 views

praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...

5.8AI score0.00041EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45485

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project...

8.1CVSS5.8AI score0.00041EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/28 4:54 p.m.82 views

project_hydra

Project HYDRA Automated vulnerability discovery & exploitat...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/05/28 2:13 p.m.37 views

CVE-2026-35675 phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

8.8CVSS0.00324EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/27 9:13 p.m.20 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/27 10:1 a.m.18 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/26 11:10 p.m.15 views

yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

8.6CVSS6.3AI score0.00139EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/26 11:10 p.m.8 views

GHSA-VV9J-GJW2-J8WP yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

8.6CVSS6.3AI score0.00139EPSS
Exploits1References3
NVD
NVD
added 2026/05/26 6:16 p.m.18 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/26 5:10 p.m.39 views

CVE-2026-44707 Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS0.00344EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/26 11:9 a.m.16 views

CVE-2026-48700

A flaw was found in PCManFM-Qt. This vulnerability allows an attacker to achieve arbitrary code execution or bypass network security restrictions. This occurs when a specially crafted file path, provided as a Uniform Resource Identifier URI in a D-Bus method call, causes PCManFM-Qt to open the fi...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.20 views

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...

4.6CVSS5.7AI score0.00136EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/21 8:43 p.m.10 views

GHSA-VR9V-27GG-QGX4 Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...

4.6CVSS5.7AI score0.00136EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/21 8:43 p.m.9 views

Cross-site Scripting (XSS)

Overview @umbraco-cms/backoffice is a This package contains the types for the Umbraco Backoffice. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the confirmation dialog element. An attacker can execute arbitrary scripts in the context of the affected application ...

4.8CVSS5.8AI score0.00136EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/21 8:22 a.m.10 views

Android App "RoboForm Password Manager" insufficient validation of Android intents

Overview Android App "RoboForm Password Manager" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages e.g., login pages, but without sufficient URL validation, user confirmation nor notification. Insufficient UI Warning of Dangerous Operations CWE-357...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/21 12:30 a.m.18 views

EUVD-2026-31200

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities may allow unauthorized parties to access confirmation messages and obtain ratings...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42647

Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...

4.6CVSS5.7AI score
Exploits0References3
Rows per page
Query Builder