Lucene search
K

29 matches found

Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:7 a.m.5 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004063)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004063 advisory. In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlinkcit.c aka the Xirlink camera USB driver mishandles invalid descriptors, aka CID-a246b4d54770. Tenabl...

7.1CVSS6.4AI score0.00483EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/01/04 12:0 a.m.8 views

PT-2026-1188

Name of the Vulnerable Software and Affected Versions CRMEB versions up to 5.6.1 Description A flaw exists in CRMEB that could allow for remote code execution. The issue stems from a SQL injection vulnerability within the /adminapi/export/product list file. Specifically, manipulating the cate id...

5.8CVSS8.4AI score0.00329EPSS
Exploits1References9
CBLMariner
CBLMariner
added 2025/10/28 9:13 p.m.7 views

CVE-2024-21626 affecting package podman for versions less than 5.6.1-2

CVE-2024-21626 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...

8.6CVSS6.9AI score0.18087EPSS
Exploits18
Cvelist
Cvelist
added 2025/10/05 11:32 a.m.10 views

CVE-2025-11290 CRMEB JWT HMAC Secret hard-coded key

A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. Attacks of...

6.3CVSS0.00369EPSS
Exploits0References3
OSV
OSV
added 2025/08/04 4:15 p.m.5 views

CVE-2025-38739

Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:12 a.m.4 views

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

8.8CVSS7.4AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:16 a.m.8 views

CVE-2023-38561

Improper access control in some IntelR XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2024/08/02 9:16 p.m.5 views

AZL-49596 CVE-2024-3056 affecting package podman for versions less than 5.6.1-2

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

7.7CVSS7.3AI score0.00514EPSS
Exploits0References1
OSV
OSV
added 2024/05/30 6:15 p.m.4 views

CVE-2024-2421

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...

9.8CVSS5.9AI score0.00523EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/30 12:0 a.m.6 views

NetBox Security Vulnerability

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A security vulnerability exists in LenelS2 NetBox 5.6.1 and earlier versions that stems from the presence of a remote code execution vulnerability...

9.3CVSS8AI score0.00523EPSS
Exploits0References3
Elastic
Elastic
added 2024/04/22 9:19 a.m.10 views

Elastic Security Statement for CVE-2024-3094, xz versions 5.6.0 and 5.6.1

Elastic Products are not affected by this issue. On March 29th, 2024, Elastic became aware of the malicious code planted in the xz package. Elastic has performed an investigation to identify any Elastic Products which may be impacted by this issue and we have concluded that no Elastic products us...

10CVSS7.2AI score0.85974EPSS
Exploits40
NCSC
NCSC
added 2024/03/29 12:0 a.m.8 views

Vulnerability fixed in liblzma (XZ Utils)

Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...

10CVSS7.2AI score0.85974EPSS
Exploits40
OSV
OSV
added 2023/12/29 10:15 a.m.4 views

CVE-2022-44589

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor...

7.5CVSS5.8AI score0.00694EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.9 views

PT-2023-21579 · WordPress · Woocommerce Payments

Name of the Vulnerable Software and Affected Versions: WooCommerce Payments plugin for WordPress versions 5.6.1 and lower Description: An issue in the WooCommerce Payments plugin for WordPress allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an...

9.8CVSS9.8AI score0.86919EPSS
Exploits9References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.5 views

SUSE CVE-2017-11479

Kibana versions prior to 5.6.1 had a cross-site scripting XSS vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

6.1CVSS5.7AI score0.01071EPSS
Exploits0References4
OSV
OSV
added 2022/10/14 3:15 p.m.8 views

AZL-44613 CVE-2022-32149 affecting package podman for versions less than 5.6.1-2

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS6.7AI score0.01428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/10/07 12:0 a.m.5 views

PT-2022-8579 · Bodhi · Bodhi

Name of the Vulnerable Software and Affected Versions: Bodhi versions prior to 5.6.1 Description: Two cross-site scripting issues were fixed. Recommendations: For versions prior to 5.6.1, update to version 5.6.1 to resolve the issue...

6.1CVSS6AI score0.00395EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/02/22 12:0 a.m.8 views

Keybase Desktop Client Security Vulnerability

Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. A security vulnerability exists in the Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, which allows an attacker to obtain potentially sensitive media in the...

5.5CVSS6.1AI score0.00296EPSS
Exploits1References4
Rows per page
Query Builder