Lucene search
K

13629 matches found

Nuclei
Nuclei
added 9 hours ago9 views

phpVMS < 7.0.6 - Legacy Importer Authorization Bypass

phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...

9.4CVSS6.1AI score0.01173EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 15 hours ago4 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerability (CVE-2026-11546)

Summary IBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details CVEID:CVE-2026-11546 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a...

9.8CVSS6.1AI score0.00222EPSS
Exploits0Affected Software1
EUVD
EUVD
added 16 hours ago5 views

EUVD-2026-43568

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 16 hours ago5 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-62195

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-62194

OpenClaw CVE-2026-62194 affects OpenClaw versions 2026.5.20 before 2026.6.9. Vulnerable: plugin install commands in the OpenClaw stack. Root cause: privilege escalation via misconfigured input paths or enabled features that let lower-trust callers execute/persist actions beyond their authorizatio...

8.8CVSS6.2AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-12396

The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level self-registerable account to approve, feature, or reject arbitrary jobs, including those owned by other user...

5.4CVSS0.00132EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday217 views

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS7.1AI score0.85247EPSS
Exploits3References5
CVE
CVE
added 4 days ago15 views

CVE-2026-13347

The CVE-2026-13347 entry documents an unauthenticated Arbitrary File Read in WordPress Hide My WP Lite (versions ≤ 1.3) via the he_wrapper_js and he_wrapper_css parameters. The vulnerability stems from elementor_assets_filter() concatenating user input onto ABSPATH and passing it to file_get_cont...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Langflow < 1.9.2 Multiple Vulnerabilities

The version of Langflow installed on the remote host is prior to 1.9.2. It is, therefore, affected by multiple vulnerabilities: - The Shareable Playground feature enables execution of workflows by unauthenticated users. When the route /api/v1/buildpublictmp executes a flow, it allows providing...

9.6CVSS6.3AI score0.00688EPSS
Exploits2References4
NVD
NVD
added 5 days ago8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-11869

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago5 views

CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

8.2CVSS5.9AI score0.00362EPSS
Exploits0References1
CVE
CVE
added 6 days ago49 views

CVE-2026-58525

CVE-2026-58525 affects Microsoft Edge (Chromium-based) with an improper access control that lets an unauthenticated attacker bypass a security feature over the network. CVSS 3.1 base score 8.2 (HIGH) with Network attack vector, Low attack complexity, No privileges, User interaction required, Conf...

8.2CVSS5.9AI score0.00362EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-56776

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS0.00161EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 6 days ago10 views

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS5.9AI score0.00362EPSS
Exploits0
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42263

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42233

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago14 views

Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update

Red Hat Edge Manager Version 1.0.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...

10CVSS6.9AI score0.01735EPSS
Exploits7References28
NVD
NVD
added last week12 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00147EPSS
Exploits0References1
Rows per page
Query Builder