Lucene search
+L

809420 matches found

OSV
OSV
added in 2 hours9 views

UBUNTU-CVE-2026-9494

An information disclosure vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper using the download-file command. During this process, the secret bearer token is embedded directly in...

5.5CVSS6.1AI score
Exploits0References3
NCSC
NCSC
added 2 hours ago9 views

vulnerabilities present in Microsoft Office

Microsoft has uncovered vulnerabilities in various Office products, such as Word, Excel, PowerPoint, and SharePoint. A malicious individual can exploit these vulnerabilities to carry out attacks that can cause various types of damage, as listed in the table below. For successful exploitation, the...

9.8CVSS7AI score0.20346EPSS
Exploits0References3
NVD
NVD
added 5 hours ago5 views

CVE-2026-14503

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS
Exploits0References7
NVD
NVD
added 6 hours ago6 views

CVE-2026-11324

The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS
Exploits0References8
RedhatCVE
RedhatCVE
added 7 hours ago3 views

CVE-2026-47087

A flaw was found in Cyrus IMAP. The URLAUTH mechanism in Cyrus IMAP through version 3.12.2 does not properly revoke access for an authorizer. This allows a previously authorized user to retain access via a URLAUTH URL, even after their authorization has been revoked, potentially leading to...

3.5CVSS6AI score
Exploits0References5
CVE
CVE
added 7 hours ago7 views

CVE-2026-14503

The CVE-2026-14503 entry concerns the pCloud WP Backup plugin for WordPress, affected up to version 2.0.3. The root cause is a Sensitive Information Exposure via the wp2pcl_ajax_process_request_inner path. An authenticated attacker with subscriber-level access or higher can trigger generation of ...

6.5CVSS6.1AI score
Exploits0References7
Cvelist
Cvelist
added 7 hours ago8 views

CVE-2026-14503 pCloud WP Backup <= 2.0.3 - Missing Authorization on the 'start_backup' AJAX Method to Authenticated (Subscriber+) Arbitrary File Read

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 7 hours ago3 views

CVE-2026-14503

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS6.1AI score
Exploits0References8
EUVD
EUVD
added 7 hours ago6 views

EUVD-2026-45132

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS6.1AI score
Exploits0References7
CVE
CVE
added 8 hours ago4 views

CVE-2026-11324

The CVE affects the WordPress plugins WooCommerce Placetopay Gateway and PlacetoPay/AvalPay Gateway. Vulnerable in versions up to 3.2.2 due to insufficient input sanitization and output escaping of the redirect-url parameter, enabling Reflected XSS. Exploitation requires a user action (e.g., clic...

6.1CVSS6.2AI score
Exploits0References8
Cvelist
Cvelist
added 8 hours ago7 views

CVE-2026-11324 WooCommerce Placetopay Gateway <= 3.2.2 - Reflected Cross-Site Scripting via 'redirect-url'

The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 8 hours ago3 views

CVE-2026-11324

The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score
Exploits0References9
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-45129

The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score
Exploits0References8
NVD
NVD
added 8 hours ago4 views

CVE-2026-62386

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS
Exploits0References2
NVD
NVD
added 8 hours ago4 views

CVE-2026-62226

OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...

8.5CVSS
Exploits0References2
CVE
CVE
added 10 hours ago10 views

CVE-2026-62386

The CVE-2026-62386 entry applies to Grav API plugin (getgrav/grav-plugin-api)

8.2CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 10 hours ago11 views

CVE-2026-62386 Grav < 1.0.0-rc.16 Authentication Bypass via token URL Parameter

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 10 hours ago3 views

CVE-2026-62386

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-45086

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS6.1AI score
Exploits0References2
CVE
CVE
added 10 hours ago5 views

CVE-2026-62226

OpenClaw 2026.3.28 before 2026.5.19 contains an authorization bypass in the browser act route, due to failure to properly validate current-tab URL checks. This allows attackers with lower-trust access or configured input paths to perform actions that should be restricted by stronger authorization...

8.5CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder