Lucene search
K

150 matches found

CVE
CVE
added 2026/07/05 12:2 p.m.23 views

CVE-2026-59509

CVE-2026-59509 affects cve-search: unauthenticated improper input validation in POST /fetch_cve_data lets an attacker manipulate MongoDB query parameters (collection, projected fields, regex filters) to read arbitrary application MongoDB collections, including mgmt_users (administrative usernames...

9.2CVSS6.2AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/05 12:2 p.m.12 views

EUVD-2026-41753

An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...

9.2CVSS6.2AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 12:31 a.m.7 views

EUVD-2026-41447

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...

6.9CVSS5.8AI score0.0031EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 12:16 a.m.9 views

CVE-2026-13371

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...

6.9CVSS0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:4 p.m.4 views

CVE-2026-13371

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...

6.9CVSS5.8AI score0.0031EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 11:4 p.m.18 views

CVE-2026-13371

WatchGuard Firebox management UI is affected by CVE-2026-13371 due to unsafe deserialization in the put_data endpoint. An authenticated administrator can exploit crafted input to trigger a denial-of-service in the Fireware Management Web UI. The CVSS metrics indicate network access with high priv...

6.9CVSS5.8AI score0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:4 p.m.31 views

CVE-2026-13371 WatchGuard Firebox Management Web UI Denial of Service via Unsafe Deserialization

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...

6.9CVSS0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55328

Name of the Vulnerable Software and Affected Versions WatchGuard Firebox Management Web UI affected versions not specified Description An authenticated administrator can cause a denial-of-service condition in the Fireware Management Web UI. This occurs when malformed or crafted data is sent to th...

6.9CVSS6.2AI score0.0031EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/06/20 9:56 a.m.16 views

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...

7.5CVSS5.9AI score0.39704EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.4AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-40929

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/commentDelete.json.php is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call forbidIfIsUntrustedRequest, does not verify a CSRF/global token, and does not check...

5.4CVSS5.3AI score0.00113EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 1:45 p.m.36 views

CVE-2026-11333 tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted upload

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

6.5CVSS0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:54 a.m.9 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00459EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.20 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. The...

3.1CVSS5.3AI score0.00459EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 9:16 a.m.38 views

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS0.00262EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 7:46 a.m.9 views

CVE-2026-4683 Smartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 2:58 a.m.9 views

CVE-2026-41657 Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 2:58 a.m.6 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/07 2:58 a.m.16 views

EUVD-2026-28266

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 2026/05/03 6:15 a.m.11 views

CVE-2026-7680

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The...

5.3CVSS0.00467EPSS
Exploits0References4
Rows per page
Query Builder