Lucene search
+L

2534 matches found

euvd
euvd
added 2026/05/04 6:0 a.m.12 views

EUVD-2026-26906

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1
nvd
nvd
added 2026/04/27 4:16 a.m.6 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS0.0024EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/27 2:54 a.m.6 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS5.4AI score0.0024EPSS
Exploits0References2Affected Software2
euvd
euvd
added 2026/04/27 2:54 a.m.6 views

EUVD-2026-25756

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

8.7CVSS5.4AI score0.00368EPSS
Exploits0References1
cve
cve
added 2026/04/27 2:54 a.m.19 views

CVE-2026-3867

CVE-2026-3867 and CVE-2026-3868 affect Moxa’s Secure Router. CVE-2026-3867: improper ownership management may allow a low-privileged authenticated user to access a configuration file containing the hashed admin password when the config is exported, exposing sensitive information (confidentiality ...

6CVSS5.4AI score0.0024EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/27 2:54 a.m.34 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS0.0024EPSS
Exploits0References1
nvd
nvd
added 2026/04/24 3:16 p.m.8 views

CVE-2026-31568

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptions happen in a kernel context for pages that don't have the PGarch1 bit set. That bit is set for...

7.1CVSS0.00124EPSS
Exploits0References3
osv
osv
added 2026/04/15 1:43 p.m.5 views

SUSE-SU-2026:1356-1 Security update for nfs-utils

This update for nfs-utils fixes the following issue: Security fixes: - CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their privileges and access subdirectories and subtrees of an exported directory bsc1259204. Other fixes: - Split from nfs-utils into its own spec and changelog file...

6.5CVSS5.8AI score0.00462EPSS
Exploits0References4
osv
osv
added 2026/04/10 7:50 p.m.2 views

GHSA-VJ8V-P5VW-M6V5 xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern

Summary A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. specifically without trailing slash to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...

5.3CVSS5.9AI score
Exploits0References4
nvd
nvd
added 2026/04/08 10:16 p.m.6 views

CVE-2026-40028

Hayabusa versions prior to 3.8.0 contain a cross-site scripting XSS vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...

5.4CVSS0.002EPSS
Exploits0References3
cve
cve
added 2026/04/01 6:0 a.m.20 views

CVE-2026-2696

The CVE-2026-2696 entry concerns the WordPress plugin Export All URLs (versions before 5.1). Affected component: the plugin’s CSV filename generation uses a predictable pattern based on a random 6‑digit number, and exported CSVs are stored in publicly accessible wp-content/uploads. This enables a...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References1
susecve
susecve
added 2026/03/28 6:28 p.m.6 views

SUSE CVE-2026-2476

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS5.9AI score0.0018EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/03/26 3:7 p.m.10 views

CVE-2026-31850

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...

6.8CVSS5.8AI score0.00178EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:6 p.m.8 views

CVE-2026-22203

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.12 views

PT-2026-27640

Name of the Vulnerable Software and Affected Versions PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5 Description The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowi...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References4
euvd
euvd
added 2026/03/23 3:30 p.m.5 views

EUVD-2026-14419

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files...

6.8CVSS5.8AI score0.00178EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/23 12:21 p.m.4 views

CVE-2026-31850

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...

6.8CVSS5.8AI score0.00178EPSS
Exploits0References3Affected Software1
zdi
zdi
added 2026/03/23 12:0 a.m.7 views

(Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability

This vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Samsung Account application. An attacker can force a redirection to a site that serves...

5.6CVSS5.9AI score0.00133EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/23 12:0 a.m.4 views

PT-2026-27117

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files...

6.8CVSS5.8AI score0.00178EPSS
Exploits0References3
nvd
nvd
added 2026/03/16 2:19 p.m.5 views

CVE-2026-2476

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS0.0018EPSS
Exploits0References1
Rows per page
Query Builder