56686 matches found
CVE-2026-12593
The CVE concerns Axivion Dashboard’s OIDC/OAuth2/SSO subsystem. An internal, undocumented API endpoint (POST /api/users/~/{user}/tokens) did not enforce sufficient permissions when creating an API token for another user. Preconditions include an internal user with higher privileges, knowledge of ...
EUVD-2026-42589
The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...
CVE-2026-9240
creationtimestamp| type| source ---|---|--- 2026-07-09 12:27:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7mz2x7ed27...
CVE-2026-9027
creationtimestamp| type| source ---|---|--- 2026-07-09 12:07:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7lvw6qiq25...
CVE-2026-9253
creationtimestamp| type| source ---|---|--- 2026-07-09 11:54:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7l5x5fd325 2026-07-09 13:30:51+00:00| seen| https://infosec.exchange/users/offseq/statuses/116890261952553944 2026-07-09 13:30:53+00:00| seen|...
CVE-2026-9235
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
CVE-2026-5955
creationtimestamp| type| source ---|---|--- 2026-07-09 10:52:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq7hp5hsn72h...
CVE-2026-12590
creationtimestamp| type| source ---|---|--- 2026-07-09 10:29:15+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mq7gg7lj5s2d 2026-07-10 05:29:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbg5qdepx2e...
CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions
The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...
CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
CVE-2026-47831
creationtimestamp| type| source ---|---|--- 2026-07-09 08:46:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7aomhpfa2q 2026-07-09 17:36:49+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6cspnal2i...
CVE-2026-12517
creationtimestamp| type| source ---|---|--- 2026-07-09 08:13:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76tg4nxx2g 2026-07-09 17:49:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6yw2ove2c...
CVE-2026-5523
creationtimestamp| type| source ---|---|--- 2026-07-09 08:07:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76hzxyyb26 2026-07-09 11:49:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mq7kvszdyh27 2026-07-10 00:00:23+00:00| seen|...
CVE-2026-12270
creationtimestamp| type| source ---|---|--- 2026-07-09 08:04:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76d5lxbl2w 2026-07-09 17:40:17+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6izod342s...
CVE-2026-47828
The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...
CVE-2026-51541
creationtimestamp| type| source ---|---|--- 2026-07-09 03:44:40+00:00| seen| https://gist.github.com/MrAlaskan/705c680856e48c535148265c0899ad4b...
CVE-2026-51538
creationtimestamp| type| source ---|---|--- 2026-07-09 03:40:11+00:00| seen| https://gist.github.com/MrAlaskan/8156ca3acd6754a9f66efede0a1351f2...
CVE-2026-51537
creationtimestamp| type| source ---|---|--- 2026-07-09 03:36:14+00:00| seen| https://gist.github.com/MrAlaskan/a5fb0fb7765c9df80d28220ed558f04e...
GHSA-GV7V-RGG6-548H
creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1117 2026-07-10 00:00:35+00:00| seen| https://t.me/brutsecurity/1117 2026-07-11 16:00:02+00:00| published-proof-of-concept| https://t.me/brutsecurity/1117 2026-07-12 00:00:45+00:00|...
GHSA-QCJ2-99CG-MPPF
creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:06+00:00| seen| https://t.me/brutsecurity/2141 2026-07-10 00:00:14+00:00| seen| https://t.me/brutsecurity/2141 2026-07-11 12:00:04+00:00| published-proof-of-concept| https://t.me/brutsecurity/2141 2026-07-12 00:00:50+00:00|...