Lucene search
K

41 matches found

CVE
CVE
added yesterday20 views

CVE-2026-49229

Affected software: Actual, a local-first personal finance app. Vulnerability summary: In OpenID multi-user mode prior to 26.6.0, disabling a user blocks future OpenID logins but does not revoke existing session tokens. The shared session validation path accepts any non-expired token, allowing a d...

8.3CVSS6AI score0.00038EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS0.00246EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:13 p.m.7 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS5.4AI score0.00246EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/24 12:16 a.m.27 views

CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

4.3CVSS0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 12:16 a.m.4 views

CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

4.3CVSS5.4AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.5 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 3:10 p.m.3 views

CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/29 3:6 a.m.9 views

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

8.7CVSS0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-7051

Malware in sbrugna...

2.1CVSS6.3AI score0.00368EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-51901

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:4 a.m.9 views

CVE-2023-47806

Cross-Site Request Forgery CSRF vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7...

8.8CVSS8AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:44 a.m.7 views

CVE-2022-2350

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block or unblock users at will...

5.3CVSS7AI score0.00408EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.6 views

PT-2025-5107 · Unknown · Spiderpowa Embed Pdf

Name of the Vulnerable Software and Affected Versions: Spiderpowa Embed PDF versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject malicious...

6.5CVSS9.1AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.5 views

PT-2024-21052 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.0 Description: The issue allows a regular user to become an administrator of a team where they are a member, under a reasonable configuration. In versions subsequent to v5.0.0, it may also allow an initially...

8.8CVSS7.1AI score0.00385EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.9 views

PT-2024-20630 · Codepeople · Codepeople Cp Polls

Name of the Vulnerable Software and Affected Versions: CodePeople CP Polls versions 1.0.71 and earlier Description: The issue is related to an Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS, which allows Code Injection. This means that an attacker could...

5.3CVSS9.4AI score0.00413EPSS
Exploits0References4
OSV
OSV
added 2023/12/18 4:15 p.m.2 views

CVE-2023-47806

Cross-Site Request Forgery CSRF vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7...

8.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2023/12/18 4:15 p.m.20 views

CVE-2023-47806

Cross-Site Request Forgery CSRF vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7...

8.8CVSS0.00264EPSS
Exploits0References1
Prion
Prion
added 2023/12/18 4:15 p.m.17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7...

6.8CVSS7.2AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/18 3:45 p.m.24 views

CVE-2023-47806 WordPress Disable User Login Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7...

5.4CVSS8.9AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2023/12/18 3:45 p.m.60 views

CVE-2023-47806

The CVE-2023-47806 entry concerns the WordPress plugin Disable User Login. A CSRF vulnerability exists due to the absence of a CSRF check in the plugin’s bulk action, allowing an attacker to cause unintended actions on a user’s account. Affected versions are 1.3.7 and earlier, with fixes introduc...

8.8CVSS8AI score0.00264EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder