Lucene search
K

1093 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-11990

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00342EPSS
Exploits0References12
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42864

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References12
NVD
NVD
added last week9 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS0.00289EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 9:44 p.m.21 views

CVE-2026-50721

CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/02 5:12 p.m.11 views

EUVD-2026-36322

OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance...

8.6CVSS5.8AI score0.00342EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 7:45 a.m.23 views

ROOT-APP-NPM-CVE-2020-7720 CVE-2020-7720 in @rootio/node-forge - Patched by Root

Root has patched CVE-2020-7720 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

9.8CVSS7.1AI score0.03162EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:45 a.m.11 views

ROOT-APP-NPM-CVE-2022-0122 CVE-2022-0122 in @rootio/node-forge - Patched by Root

Root has patched CVE-2022-0122 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

6.1CVSS6.4AI score0.00832EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:45 a.m.17 views

ROOT-APP-NPM-CVE-2025-66031 CVE-2025-66031 in @rootio/node-forge - Patched by Root

Root has patched CVE-2025-66031 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00373EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:45 a.m.11 views

ROOT-APP-NPM-CVE-2026-33891 CVE-2026-33891 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33891 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00596EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:45 a.m.8 views

ROOT-APP-NPM-CVE-2022-24773 CVE-2022-24773 in @rootio/node-forge - Patched by Root

Root has patched CVE-2022-24773 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

5.3CVSS6.7AI score0.00875EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:45 a.m.20 views

ROOT-APP-NPM-CVE-2025-12816 CVE-2025-12816 in @rootio/node-forge - Patched by Root

Root has patched CVE-2025-12816 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

8.6CVSS5.4AI score0.00689EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:45 a.m.23 views

ROOT-APP-NPM-CVE-2022-24772 CVE-2022-24772 in @rootio/node-forge - Patched by Root

Root has patched CVE-2022-24772 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS6.8AI score0.01015EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:45 a.m.15 views

ROOT-APP-NPM-CVE-2026-33894 CVE-2026-33894 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33894 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00339EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:45 a.m.8 views

ROOT-APP-NPM-CVE-2025-66030 CVE-2025-66030 in @rootio/node-forge - Patched by Root

Root has patched CVE-2025-66030 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

5.3CVSS5AI score0.00276EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:45 a.m.19 views

ROOT-APP-NPM-CVE-2022-24771 CVE-2022-24771 in @rootio/node-forge - Patched by Root

Root has patched CVE-2022-24771 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00717EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:45 a.m.17 views

ROOT-APP-NPM-CVE-2026-33895 CVE-2026-33895 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33895 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00348EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:45 a.m.19 views

ROOT-APP-NPM-CVE-2026-33896 CVE-2026-33896 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33896 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.4CVSS6.6AI score0.00348EPSS
Exploits1
NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/23 7:40 p.m.8 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References3
Rows per page
Query Builder