Lucene search
K

1553 matches found

Nuclei
Nuclei
added yesterday14 views

ipTIME A2004 - Unauthorized Access

An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54763 info: name: ipTIME A2004 - Unauthorized Access author: ritikchaddha severity: medium description: | An access control...

6.5CVSS6AI score0.00759EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-57388

Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce versions prior to 5.14.1 Description An Insecure Direct Object Reference IDOR exists in the generate document shortcode function due to missing validation on a user-controlled key. Authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/07 5:32 p.m.33 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 1:24 a.m.7 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6AI score0.12797EPSS
Exploits9References6
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.31 views

CVE-2026-22343 WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

8.6CVSS0.00261EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.8 views

org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.5AI score0.00232EPSS
Exploits0References4
Redos
Redos
added 2026/06/05 12:0 a.m.9 views

ROS-20260605-73-0003

The vulnerability in ImageMagick7 is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.1CVSS5.4AI score0.0012EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2026/05/28 12:0 a.m.31 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...

9.4CVSS6.6AI score0.00514EPSS
Exploits0References38
OSV
OSV
added 2026/05/27 12:14 p.m.1 views

CVE-2025-71304 smack: /smack/doi: accept previously used values

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

5.5CVSS5.9AI score0.0016EPSS
Exploits0References11
Redos
Redos
added 2026/05/25 12:0 a.m.58 views

ROS-20260525-73-0001

Vulnerability in python-sqlparse related to insufficient control of a resource while it exists. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/20 12:0 a.m.14 views

CVE-2026-44926

InfoScale CmdServer is affected by CVE-2026-44926 where versions prior to 7.4.2 mishandle access control, potentially enabling unauthenticated network attackers with low privileges and no user interaction to compromise confidentiality, integrity, and availability (CVSS v3.1: 8.8). The condition i...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 6:16 a.m.17 views

CVE-2026-3074

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS0.00199EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 12:0 a.m.15 views

EUVD-2026-30278

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

6.1CVSS5.8AI score0.0092EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-40930

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

5.8AI score0.00208EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40142

Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description Improper access control in the Windows Event Logging Service allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no...

7.8CVSS5.8AI score0.00272EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.4 views

Ubuntu 22.04 LTS / 24.04 LTS : Slurm vulnerabilities (USN-8236-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8236-1 advisory. It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify fil...

9.8CVSS6.1AI score0.01386EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 a.m.9 views

CVE-2026-39520

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through = 2.1.18...

5.3CVSS0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.21 views

CVE-2026-39681 WordPress Homeo theme <= 1.2.59 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...

7.5CVSS0.00381EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39561 WordPress Revive.so plugin <= 2.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through = 2.0.7...

5.8AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder