Lucene search
K

1707 matches found

CVE
CVE
added yesterday2 views

CVE-2026-50326

CVE-2026-50326 affects the Windows Unified Consent System. Description: use-after-free leading to local privilege escalation for an authorized attacker. Connected sources confirm the vulnerability and indicate Microsoft patches are available (e.g., MSRC/KB articles). In any write-up, cite that th...

7.8CVSS6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58317

Name of the Vulnerable Software and Affected Versions Windows Unified Consent System affected versions not specified Description A use after free issue in the Windows Unified Consent System allows an authorized attacker to elevate privileges locally. Use after free is a memory corruption flaw tha...

7.8CVSS6.2AI score
Exploits0References3
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2946 PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Summary The approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely...

5.5CVSS6.3AI score0.00116EPSS
Exploits0References7
Nuclei
Nuclei
added 4 days ago31 views

Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6.5AI score0.84461EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-12955

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42849

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 5 days ago6 views

CVE-2026-12955

The CVE-2026-12955 entry describes a vulnerability in the GDPR Cookie Consent plugin for WordPress (versions up to 4.3.6) where missing capability checks and nonce verification in the gdpr_cookie_consent_ajax_save_schedule_scan() function (wp_ajax_gcc_save_schedule_scan) allow authenticated users...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-12955 Cookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX Action

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Coder < 2.29.7 / 2.30.x < 2.30.2 Workspace Auto-Creation Without Consent (CVE-2026-44454)

The version of Coder installed on the remote host is prior to 2.29.7 or 2.30.x prior to 2.30.2. It is, therefore, affected by a command injection vulnerability. The dotfiles registry module passed unsanitized user input to shell commands, enabling arbitrary code execution inside provisioned...

8.8CVSS6.5AI score0.02642EPSS
Exploits0References2
Patchstack
Patchstack
added 6 days ago5 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/07 9:17 p.m.9 views

CVE-2026-44454

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.8CVSS0.02642EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:16 p.m.6 views

CVE-2026-44454

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS6.6AI score0.02642EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/07/07 8:16 p.m.31 views

CVE-2026-44454 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS0.02642EPSS
Exploits0References7
CVE
CVE
added 2026/07/07 8:16 p.m.28 views

CVE-2026-44454

Coder is vulnerable to command injection in the dotfiles registry module, exploitable via crafted dotfiles_uri values and the mode=auto workflow. Root cause: unsanitized user input interpolated into shell commands, enabling arbitrary code execution inside a provisioned workspace, especially when ...

8.8CVSS6.6AI score0.02642EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/07 3:26 p.m.6 views

GO-2026-5897 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder

Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder...

8.8CVSS5.9AI score0.02642EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 1:16 p.m.9 views

CVE-2025-13475

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

7.3CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/07/04 12:49 p.m.18 views

CVE-2025-13475

Technical details about CVE-2025-13475 are not publicly available in the provided documents. Monitor for updates.

7.3CVSS5.9AI score0.00158EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder