204 matches found

Vulnrichment
added 2 days ago, 4 views

CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when adminapikey is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2 days ago, 8 views

PT-2026-53659

Name of the Vulnerable Software and Affected Versions: Gorse versions prior to 0.5.10. Description: An authentication bypass exists in the HTTP API when the admin api key is left empty, which is the default configuration. This occurs because improper input validation treats an empty key as a disabli...

9.8 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits: 1, References: 6

NVD
added last week, 12 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3 CVSS, 0.00228 EPSS
Exploits: 0, References: 5

Cvelist
added last week, 31 views

CVE-2026-8617 SearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX Actions

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3 CVSS, 0.00228 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/06/23 8:13 p.m., 28 views

CVE-2026-47385 NocoDB: Path Traversal via SQLite Source Filename

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...

5.3 CVSS, 0.00324 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/23 8:13 p.m., 39 views

CVE-2026-47385

CVE-2026-47385 (NocoDB): An authenticated user with base-create permission can attach a SQLite source that points to an arbitrary file on the host, bypassing location restrictions in the SQLite client and base-create services. This can target internal databases (e.g., noco.db or tenant databases...

5.3 CVSS, 6 AI score, 0.00324 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/22 12:00 a.m., 12 views

PT-2026-51308

Name of the Vulnerable Software and Affected Versions: MISP core (affected versions not specified). Description: Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...

8.8 CVSS, 5.8 AI score, 0.00361 EPSS
Exploits: 0, References: 11

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the behavior where waiting for dio completion was necessary. It should wait for all existing dio write I/Os before removing a block. Otherwise, previous direct write I/Os might overwrite data in the block, and that da...

6.5 CVSS, 6.2 AI score, 0.00822 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/19 2:29 a.m., 17 views

CVE-2026-11775

The CVE-2026-11775 entry affects the WordPress plugin User Admin Simplifier (up to version 3.0.0). It suffers from a Cross-Site Request Forgery due to missing or incorrect nonce validation on the useradminsimplifier_options_page function. This allows unauthenticated attackers to reset and permane...

4.3 CVSS, 5.3 AI score, 0.00128 EPSS
Exploits: 0, References: 5

EUVD
added 2026/06/13 8:29 a.m., 14 views

EUVD-2026-36649

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4. This makes it possible for authenticated attackers, with...

4.3 CVSS, 5.3 AI score, 0.00214 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2026/06/10 2:59 a.m., 9 views

CVE-2026-44751

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1 CVSS, 5.6 AI score, 0.00207 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/09 1:16 a.m., 17 views

CVE-2026-44751

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1 CVSS, 0.00207 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/09 12:21 a.m., 10 views

CVE-2026-44751

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1 CVSS, 5.6 AI score, 0.00207 EPSS
Exploits: 0, References: 3

CVE
added 2026/06/09 12:21 a.m., 55 views

CVE-2026-44751

CVE-2026-44751 affects the SAP NetWeaver ABAP Platform/application server ABAP. The issue is a missing authorization check for authenticated users, enabling a user to execute a report generation command and potentially overwrite another user’s information, resulting in privilege escalation. Impac...

7.1 CVSS, 5.6 AI score, 0.00207 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/06/09 12:00 a.m., 20 views

PT-2026-47536

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1 CVSS, 5.6 AI score, 0.00207 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/06/05 7:28 p.m., 8 views

CVE-2026-4362

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2. The function is hooked to the WordPress init action and triggers when both post...

6.5 CVSS, 5.5 AI score, 0.00355 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/19 3:38 p.m., 8 views

GHSA-C656-JCX2-7PQJ zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary: Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

8.3 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/05/19 3:38 p.m., 10 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary: Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 2, Affected Software: 2

UbuntuCve
added 2026/05/08 3:16 p.m., 6 views

CVE-2026-43430

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe. The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...

4.7 CVSS, 5.7 AI score, 0.00089 EPSS
Exploits: 0, References: 10

OSV
added 2026/05/08 3:16 p.m., 6 views

UBUNTU-CVE-2026-43430

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe. The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...

4.7 CVSS, 5.7 AI score, 0.00089 EPSS
Exploits: 0, References: 11