Lucene search
K

56686 matches found

CVE
CVE
added 3 days ago9 views

CVE-2026-12593

The CVE concerns Axivion Dashboard’s OIDC/OAuth2/SSO subsystem. An internal, undocumented API endpoint (POST /api/users/~/{user}/tokens) did not enforce sufficient permissions when creating an API token for another user. Preconditions include an internal user with higher privileges, knowledge of ...

8.7CVSS6.4AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42589

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS6.4AI score0.00281EPSS
Exploits0References1
Circl
Circl
added 3 days ago6 views

CVE-2026-9240

creationtimestamp| type| source ---|---|--- 2026-07-09 12:27:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7mz2x7ed27...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References1
Circl
Circl
added 3 days ago7 views

CVE-2026-9027

creationtimestamp| type| source ---|---|--- 2026-07-09 12:07:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7lvw6qiq25...

5.3CVSS5.9AI score0.00222EPSS
Exploits0References1
Circl
Circl
added 3 days ago6 views

CVE-2026-9253

creationtimestamp| type| source ---|---|--- 2026-07-09 11:54:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7l5x5fd325 2026-07-09 13:30:51+00:00| seen| https://infosec.exchange/users/offseq/statuses/116890261952553944 2026-07-09 13:30:53+00:00| seen|...

7.2CVSS5.9AI score0.00204EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-9235

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
Circl
Circl
added 3 days ago6 views

CVE-2026-5955

creationtimestamp| type| source ---|---|--- 2026-07-09 10:52:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq7hp5hsn72h...

9.8CVSS5.9AI score0.00436EPSS
Exploits0References1
Circl
Circl
added 3 days ago7 views

CVE-2026-12590

creationtimestamp| type| source ---|---|--- 2026-07-09 10:29:15+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mq7gg7lj5s2d 2026-07-10 05:29:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbg5qdepx2e...

5.9CVSS6.1AI score0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS0.00297EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
Circl
Circl
added 3 days ago8 views

CVE-2026-47831

creationtimestamp| type| source ---|---|--- 2026-07-09 08:46:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7aomhpfa2q 2026-07-09 17:36:49+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6cspnal2i...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References2
Circl
Circl
added 3 days ago6 views

CVE-2026-12517

creationtimestamp| type| source ---|---|--- 2026-07-09 08:13:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76tg4nxx2g 2026-07-09 17:49:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6yw2ove2c...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
Circl
Circl
added 3 days ago7 views

CVE-2026-5523

creationtimestamp| type| source ---|---|--- 2026-07-09 08:07:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76hzxyyb26 2026-07-09 11:49:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mq7kvszdyh27 2026-07-10 00:00:23+00:00| seen|...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
Circl
Circl
added 3 days ago7 views

CVE-2026-12270

creationtimestamp| type| source ---|---|--- 2026-07-09 08:04:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76d5lxbl2w 2026-07-09 17:40:17+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqa6izod342s...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References2
CVE
CVE
added 3 days ago14 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References1
Circl
Circl
added 3 days ago8 views

CVE-2026-51541

creationtimestamp| type| source ---|---|--- 2026-07-09 03:44:40+00:00| seen| https://gist.github.com/MrAlaskan/705c680856e48c535148265c0899ad4b...

5.9AI score
Exploits0References1
Circl
Circl
added 3 days ago8 views

CVE-2026-51538

creationtimestamp| type| source ---|---|--- 2026-07-09 03:40:11+00:00| seen| https://gist.github.com/MrAlaskan/8156ca3acd6754a9f66efede0a1351f2...

5.9AI score
Exploits0References1
Circl
Circl
added 3 days ago9 views

CVE-2026-51537

creationtimestamp| type| source ---|---|--- 2026-07-09 03:36:14+00:00| seen| https://gist.github.com/MrAlaskan/a5fb0fb7765c9df80d28220ed558f04e...

5.9AI score
Exploits0References1
Circl
Circl
added 3 days ago6 views

GHSA-GV7V-RGG6-548H

creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1117 2026-07-10 00:00:35+00:00| seen| https://t.me/brutsecurity/1117 2026-07-11 16:00:02+00:00| published-proof-of-concept| https://t.me/brutsecurity/1117 2026-07-12 00:00:45+00:00|...

6.1AI score
Exploits0References1
Circl
Circl
added 3 days ago7 views

GHSA-QCJ2-99CG-MPPF

creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:06+00:00| seen| https://t.me/brutsecurity/2141 2026-07-10 00:00:14+00:00| seen| https://t.me/brutsecurity/2141 2026-07-11 12:00:04+00:00| published-proof-of-concept| https://t.me/brutsecurity/2141 2026-07-12 00:00:50+00:00|...

6.1AI score
Exploits0References1
Rows per page
Query Builder