Lucene search
K

6405 matches found

OSV
OSV
added yesterday4 views

MAL-2026-10467 Malicious code in polymarket-stake-kelly-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01715ebd11c8adf6ac26ce11bc5fc07e6cfb6775fa77dbe1ca022d0d6593b99c [email protected] ships a postinstall script scripts/install-check.cjs referenced by package.json's postinstall hook that on every np...

6.1AI score
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-57694

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...

6.5CVSS0.00335EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43300

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS6.1AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-61971 WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57694

CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...

6.5CVSS6.1AI score0.00335EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-14165

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-14165

Technical details are not publicly available in the provided documents. Monitor for updates on affected versions, root cause, and remediation.

7.5CVSS6.1AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-14165 Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS0.00246EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday112 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

9.8CVSS7.3AI score0.71725EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday71 views

Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. id: CVE-2021-24215...

10CVSS7AI score0.09733EPSS
Exploits2References5
NVD
NVD
added 2 days ago7 views

CVE-2026-59260

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS0.00714EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-9017

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00273EPSS
Exploits0References8
CVE
CVE
added 3 days ago14 views

CVE-2026-9017

The CVE describes an authorization bypass in the NEX-Forms – Ultimate Forms Plugin for WordPress (vulnerable up to and including 9.2.2). The underlying issue is that the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to overwrite...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43116

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References3
NVD
NVD
added 4 days ago4 views

CVE-2026-55659

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS0.00275EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-55461

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...

6.1CVSS0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-57211 RabbitMQ: UNC SSRF affecting the management UI on Windows

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

6.5CVSS0.00278EPSS
Exploits1References5
NVD
NVD
added 4 days ago8 views

CVE-2026-6212

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42988

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-6212 IDOR in Teracity's TeraMIS

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
Rows per page
Query Builder