56742 matches found
CVE-2026-57728
creationtimestamp| type| source ---|---|--- 2026-07-13 11:19:14+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjl3decem2e...
CVE-2026-57710
creationtimestamp| type| source ---|---|--- 2026-07-13 11:18:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkzd2pp525...
CVE-2026-22096
creationtimestamp| type| source ---|---|--- 2026-07-13 11:10:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkkyqbj62r 2026-07-13 18:49:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkeb3m33j2e...
CVE-2026-22093
creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkhgrukm2t 2026-07-13 17:49:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkavfwvjs2y...
CVE-2026-59518
creationtimestamp| type| source ---|---|--- 2026-07-13 11:05:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjkc6f45w2l 2026-07-13 11:30:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjlorfkkl2w 2026-07-13 11:55:15+00:00| seen|...
CVE-2026-57381
creationtimestamp| type| source ---|---|--- 2026-07-13 10:59:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjjxs6j7527 2026-07-13 18:57:03+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkenyr3e52f...
CVE-2026-57772
creationtimestamp| type| source ---|---|--- 2026-07-13 10:51:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjjjbh4rv25...
CVE-2026-15546
creationtimestamp| type| source ---|---|--- 2026-07-13 09:45:55+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjfuhyoop2s 2026-07-13 10:17:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjhn4vufb26...
EUVD-2026-43315
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...
EUVD-2026-43288
The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...
CVE-2026-9597
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...
CVE-2026-9597
Mattermost advisory MMSA-2026-00681 documents a vulnerability in Mattermost where versions 11.7.x <= 11.7.2 and 11.6.x
CVE-2026-9597 Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...
CVE-2026-4769
creationtimestamp| type| source ---|---|--- 2026-07-13 07:21:18+00:00| seen| https://infosec.exchange/users/certvde/statuses/116911458109125585 2026-07-13 07:54:49+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mqj7nsuneh2l 2026-07-13 08:30:05+00:00| seen|...
CVE-2026-12273
The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...
XWiki < 14.10.14 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...
Moodle - Cross-Site Scripting/Remote Code Execution
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...
Telesquare TLR-2855KS6 - Arbitrary File Creation
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...
Grafana Unauthenticated Snapshot Creation
Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...