Lucene search
K

12565 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44644

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS6.1AI score
Exploits0References4
Nuclei
Nuclei
added 9 hours ago107 views

OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete

OpenAPI Generator versions 7.5.0 and below are prone to an Arbitrary File Read/Delete vulnerability. Attackers can exploit this vulnerability to read and delete files and folders from an arbitrary, writable directory. id: CVE-2024-35219 info: name: OpenAPI Generator = 7.5.0 - Arbitrary File...

8.3CVSS7AI score0.03592EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago66 views

Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. id: CVE-2021-46424 info: name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete author: gy741 severity:...

9.4CVSS7.2AI score0.36459EPSS
Exploits3References5
EUVD
EUVD
added yesterday11 views

EUVD-2026-37897

Woodpecker gRPC agentid metadata can be spoofed- cross-tenant agent impersonation...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-15676

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday16 views

CVE-2026-15676 code-projects Online Job Portal DeleteUser.php sql injection

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15676

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS6.7AI score0.00263EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2 days ago3 views

CVE-2026-15684

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-15684

CVE-2026-15684 affects Glarysoft Glary Utilities. The flaw resides in the Disk Clean functionality, where an attacker who can run low-privileged code can abuse a folder junction to delete arbitrary files, enabling a local privilege escalation to SYSTEM and potential arbitrary code execution. The ...

7.3CVSS7.2AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-10103

Mattermost versions affected: 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) have a flaw in the shared channel inbound sync handler that fails to verify post ownership. This allows an authenticated remote cluster to modify or delete posts authored by local users or oth...

4.3CVSS6.2AI score0.00145EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in ishowfeet17 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a7da1cae4bcc5f4805bed7bd781b9e27de67b2264f6ba7740c8730369c9405 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
NVD
NVD
added 3 days ago7 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS0.00276EPSS
Exploits0References2
CVE
CVE
added 3 days ago14 views

CVE-2026-61874

CVE-2026-61874 affects filebrowser before 2.63.17. The root cause is improper path normalization in DeleteWithPathPrefix, allowing an authenticated user to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path and then recreate the same directory to...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-61874 filebrowser before 2.63.17 Stale Public Share via Trailing-Slash Delete

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS0.00198EPSS
Exploits0References3
CVE
CVE
added 3 days ago15 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43231

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-56241 Capgo - RBAC Demotion Privilege Retention via Stale org_users.user_right

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS0.00211EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43224

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-61442 PraisonAI Platform before 0.1.9 Authorization Bypass via PATCH

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS0.00256EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-10041

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.0025EPSS
Exploits0References12
Rows per page
Query Builder