Lucene search
K

135 matches found

Vulnrichment
Vulnrichment
added 2026/03/04 3:30 p.m.5 views

CVE-2025-59785 API - Insufficient Input Validation

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 7:24 a.m.14 views

CVE-2026-27471

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

9.3CVSS5.3AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/21 6:38 a.m.25 views

CVE-2026-27471 ERP: Document access through endpoints due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

9.3CVSS0.00324EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/18 6:42 a.m.6 views

CVE-2026-1857

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

4.3CVSS5.7AI score0.00283EPSS
Exploits0References5
CVE
CVE
added 2026/02/18 6:42 a.m.17 views

CVE-2026-1857

The CVE-2026-1857 issue affects Kadence Blocks — Gutenberg Blocks with AI for WordPress (

4.3CVSS5.7AI score0.00283EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.9 views

eLection SQL注入漏洞

eLection is an election content management system developed by fauzantrif. Version 2.0 of eLection has a SQL injection vulnerability; this vulnerability stems from the lack of parameter id validation in the candidate management endpoint, which may lead to SQL injection attacks...

7.1CVSS5.8AI score0.00449EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/02 9:30 a.m.6 views

Keycloak Server-Side Request Forgery (SSRF) vulnerability

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

2.7CVSS5.2AI score0.00236EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/02 7:17 a.m.2 views

CVE-2026-1518

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

2.7CVSS5.3AI score0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/02/02 7:17 a.m.25 views

CVE-2026-1518

Keycloak SSRF issue (CVE-2026-1518) affects the CIBA backchannel notification flow. The vulnerability arises from insufficient validation of the client-configured backchannel_notification_endpoint, enabling a privileged user to trigger blind server-side requests to internal services. Documented i...

2.7CVSS5.3AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks whether it has three endpoints, as well as endpoints for bulk input and output. However, it does not check whether the third endpoint is an interrupt input. This...

5.5CVSS6.4AI score0.00156EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-41097)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41097 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking ...

5.5CVSS6.2AI score0.00234EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 6:56 p.m.27 views

GHSA-9CVC-H2W8-PHRP AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in th...

3.7CVSS6.6AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.11 views

PT-2026-27655

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The pegasus driver does not validate the number and types of USB endpoints a device has before binding to it. A malicious device lacking expected USB endpoints can cause the driver to...

9.8CVSS5.4AI score0.0049EPSS
Exploits0References478
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-27677

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The kaweth driver does not validate the number and types of USB endpoints of a device before binding to it. A malicious device lacking expected USB endpoints can cause the driver to cras...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.13 views

PT-2026-27730

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The kalmia driver does not properly validate the number and types of USB endpoints a device has before binding to it. A malicious device lacking expected USB endpoints can cause the driv...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
NVD
NVD
added 2025/12/30 1:16 p.m.6 views

CVE-2023-54277

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from...

0.00173EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992699)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992699 advisory. In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelinkbind Syzbot reports 1 a warning in usbsubmiturb...

5.5CVSS6.2AI score0.002EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/12 7:20 a.m.32 views

CVE-2025-13891 Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modulalistfolders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user...

6.5CVSS0.0037EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/06 4:41 p.m.5 views

CVE-2025-20377

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

4.3CVSS6.3AI score0.0025EPSS
Exploits0References1
Rows per page
Query Builder