Lucene search
+L

923 matches found

osv
osv
added 2 days ago3 views

CVE-2026-55651 Easy!Appointments Vulnerable to Appointments Takeover via Excessive Data Exposure

Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. Using these hashes, an attacker can modify or delete appointmen...

7.1CVSS6.1AI score0.00185EPSS
Exploits0References3
ptsecurity
ptsecurity
added 3 days ago7 views

PT-2026-57852

Name of the Vulnerable Software and Affected Versions ServiceNow AI platform affected versions not specified Description An issue in the ServiceNow AI platform allows an unauthenticated user with network access to perform a sandbox escape, which is a process of breaking out of a restricted...

9.5CVSS6.4AI score0.00509EPSS
Exploits0References12
thn
thn
added 6 days ago7 views

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it say...

9.8CVSS7AI score0.95076EPSS
Exploits2
patchstack
patchstack
added last week6 views

WordPress Import and export users and customers plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Tiago Ventura perses in WordPress Plugin Import and export users and customers versions = 2.4.0...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/06/19 8:16 a.m.13 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
schneier
schneier
added 2026/06/15 11:1 a.m.21 views

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued...

5.3AI score
Exploits0
redhatcve
redhatcve
added 2026/06/06 12:43 a.m.15 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.4AI score0.00174EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/04 9:8 p.m.10 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.8AI score0.00174EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/04 9:8 p.m.3 views

CVE-2026-42547 IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.9AI score0.00174EPSS
Exploits0References4
hackread
hackread
added 2026/06/04 5:10 p.m.31 views

iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil

iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger...

5.8AI score
Exploits0
impervablog
impervablog
added 2026/06/04 3:43 p.m.15 views

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

7.5CVSS5.6AI score0.11471EPSS
Exploits8
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.9 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities. These vulnerabilities stemmed from the ability to create alerts for unassigned customers, which could be...

5.4CVSS5.2AI score0.00174EPSS
Exploits0References2
nvd
nvd
added 2026/05/27 8:16 a.m.20 views

CVE-2026-8143

The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hbcountryiso', 'hbusastateiso', and 'hbcanadaprovinceiso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.0019EPSS
Exploits0References2
hackread
hackread
added 2026/05/20 9:14 a.m.19 views

Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks

Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud...

5.8AI score
Exploits0
mssecure
mssecure
added 2026/05/12 10:53 p.m.13 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article 1. Core Idea: From TTPs to Logs 2. Approaches for Synthetic Attack Log Generation 3. Evaluation Datasets 4. References 5. Learn more Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

5.8AI score
Exploits0
akamaiblog
akamaiblog
added 2026/05/06 5:0 p.m.8 views

Akamai Is the 2026 Gartner® Peer Insights™ Customers’ Choice for API Protection

Read why Akamai was named the only Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer for API Protection...

5.8AI score
Exploits0
wizblog
wizblog
added 2026/04/30 5:7 p.m.11 views

Red Agent and Claude Opus: Securing Production Targets at Scale

Delivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and Anthropic...

5.2AI score
Exploits0
nvd
nvd
added 2026/04/23 5:16 a.m.9 views

CVE-2026-41233

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS0.00264EPSS
Exploits1References3
nvd
nvd
added 2026/04/23 4:16 a.m.14 views

CVE-2026-41228

Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint Customers.update and Admins.update does not validate the deflanguage parameter against the list of available language files. An authenticated customer can set deflanguage to a path traversal...

9.9CVSS0.00524EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/04/23 4:0 a.m.4 views

CVE-2026-41233

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS5.8AI score0.00264EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder