662 matches found

EUVD
added 2026/06/22 12:50 p.m., 6 views

EUVD-2026-38237

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

CVSS 6.9, AI score 5.8, EPSS 0.00357
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/22 12:50 p.m., 3 views

CVE-2026-7167

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

CVSS 6.9, AI score 5.8, EPSS 0.00357
Exploits: 0, References: 2
Cvelist
added 2026/06/22 12:50 p.m., 29 views

CVE-2026-7167 Multiple vulnerabilities in the Assassin game by Gaudire

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

CVSS 6.9, EPSS 0.00357
Exploits: 0, References: 1
NVD
added 2026/06/19 8:16 a.m., 14 views

CVE-2026-3640

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permission_callback of __return_true, which allows all incoming requests...

CVSS 5.3, EPSS 0.00382
Exploits: 0, References: 14
ATTACKERKB
added 2026/06/19 6:51 a.m., 16 views

CVE-2026-3640

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permission_callback of __return_true, which allows all incoming requests...

CVSS 5.3, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 15
CVE
added 2026/06/19 6:51 a.m., 16 views

CVE-2026-3640

The STRABL WordPress plugin (versions

CVSS 5.3, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 14
Cvelist
added 2026/06/19 6:51 a.m., 31 views

CVE-2026-3640 STRABL <= 4.5 - Unauthenticated Arbitrary Webhook Creation via REST API Endpoint

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permission_callback of __return_true, which allows all incoming requests...

CVSS 5.3, EPSS 0.00382
Exploits: 0, References: 14
EUVD
added 2026/06/19 6:51 a.m., 10 views

EUVD-2026-37995

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permission_callback of __return_true, which allows all incoming requests...

CVSS 5.3, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 14
Positive Technologies
added 2026/06/19 12:0 a.m., 15 views

PT-2026-50849

Name of the Vulnerable Software and Affected Versions: STRABL – A checkout solution plugin for WordPress versions prior to 4.6. Description: The plugin contains a missing authentication flaw in the REST API webhook endpoint "/wp-json/strabl/webhook/order". The endpoint uses a permission callback set...

CVSS 5.3, AI score 5.9, EPSS 0.00382
Exploits: 0, References: 20
RedHat Linux
added 2026/06/11 1:24 p.m., 7 views

openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability...

CVSS 5.3, AI score 5.5, EPSS 0.00262
Exploits: 0, References: 4
RedHat Linux
added 2026/06/11 1:9 p.m., 5 views

openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability...

CVSS 5.3, AI score 5.5, EPSS 0.00262
Exploits: 0, References: 4
RedhatCVE
added 2026/06/11 8:59 a.m., 13 views

CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

CVSS 2.3, AI score 5.4, EPSS 0.0019
Exploits: 0, References: 1
NVD
added 2026/06/10 7:16 a.m., 13 views

CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

CVSS 2.3, EPSS 0.0019
Exploits: 0, References: 1
EUVD
added 2026/06/10 5:44 a.m., 8 views

EUVD-2026-35984

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

CVSS 2.3, AI score 5.3, EPSS 0.0019
Exploits: 0, References: 1
CVE
added 2026/06/10 5:44 a.m., 35 views

CVE-2026-29114

The CVE-2026-29114 entry describes a vulnerability in some Dahua products where an attacker may obtain the device’s CA root certificate. If that CA is trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain. Th...

CVSS 2.3, AI score 5.4, EPSS 0.0019
Exploits: 0, References: 1
Vulnrichment
added 2026/06/10 5:44 a.m., 7 views

CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

CVSS 2.3, AI score 5.3, EPSS 0.0019
Exploits: 0, References: 1
CNNVD
added 2026/06/10 12:0 a.m., 15 views

Dahua IPC security vulnerability

Dahua IPC is a series of industrial control computers produced by Dahua Corporation in China. There is a security vulnerability in Dahua IPC. This vulnerability stems from the possibility of obtaining the CA root certificate. If this CA is installed and trusted on the client system, an attacker c...

CVSS 2.3, AI score 5.3, EPSS 0.0019
Exploits: 0, References: 2
Positive Technologies
added 2026/06/10 12:0 a.m., 14 views

PT-2026-48383

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

CVSS 2.3, AI score 5.3, EPSS 0.0019
Exploits: 0, References: 2
Microsoft Secure
added 2026/05/19 3:7 p.m., 17 views

Exposing Fox Tempest: A malware-signing service operation

In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...

AI score 5.9
Exploits: 0
Trend Micro Simply Security
added 2026/04/29 12:0 a.m., 5 views

Kuse Web App Abused to Host Phishing Document

Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack...

AI score 5.4
Exploits: 0