Lucene search
+L

2215 matches found

Nuclei
Nuclei
added yesterday35 views

Post SMTP <= 3.6.0 - Email Log Disclosure

Post SMTP WordPress plugin = 3.6.0 contains an unauthorized data access vulnerability caused by missing capability check in construct function, letting unauthenticated attackers read arbitrary logged emails, exploit requires no authentication. id: CVE-2025-11833 info: name: Post SMTP = 3.6.0 -...

9.8CVSS7.2AI score0.51507EPSS
Exploits1References3
NVD
NVD
added yesterday6 views

CVE-2026-11866

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS0.00097EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-44871

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS6.1AI score0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-11866 LatePoint < 5.6.3 - Multiple Privileged Actions via CSRF

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

0.00097EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-62656

A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation...

6.8CVSS0.00163EPSS
Exploits0References3
CVE
CVE
added 3 days ago6 views

CVE-2026-62656

The CVE-2026-62656 entry concerns post-authenticated command injection affecting certain NETGEAR RAX models. A logged-in user can send specially crafted requests to the router to run unauthorized commands, enabling changes to the router and impacting security/operation. The vulnerability targets ...

6.8CVSS6.1AI score0.00163EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-52840

Affected software: Easy!Appointments (self-hosted) prior to 1.6.0. Vulnerability: Server-Side Request Forgery (SSRF) in the CalDAV connection test. In Caldav::connect_to_server (application/controllers/Caldav.php:60), the request’s caldav_url is handed to a Guzzle REPORT call without proper schem...

2.7CVSS6.2AI score0.00186EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 6:16 a.m.9 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 5:33 a.m.7 views

EUVD-2026-42007

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 8:42 p.m.52 views

CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.00368EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 6:0 a.m.43 views

CVE-2026-10820 ProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOR

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 8:4 p.m.9 views

CVE-2026-47220

A flaw was found in Envoy. A remote attacker can exploit this vulnerability by sending a request with a missing host header when the %REQUESTEDSERVERNAMEX:Y% is used in the log format and host-related options, such as HOSTFIRST or SNIFIRST, are specified. This can lead to a crash of the Envoy...

7.5CVSS5.7AI score0.00665EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 4:17 p.m.10 views

CVE-2026-54303

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS0.00177EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/18 5:20 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the getDocumentContent GraphQL query and the REST endpoint /api/documentapi/documentapi/document/documentId/content. An attacker can access sensitive document contents belonging to...

7.1CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/06/17 10:53 a.m.12 views

CVE-2026-46815

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.2CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 6:0 a.m.19 views

CVE-2026-9570

Summary: CVE-2026-9570 affects the Taskbuilder WordPress plugin prior to 5.0.8. The vulnerability arises because a URL parameter is not properly sanitized before being echoed into inline JavaScript on a frontend page that uses a shortcode, causing a Reflected Cross-Site Scripting (XSS) vulnerabil...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

Bosch Security Systems IP Cameras Cross-Site Request Forgery (CVE-2021-23849)

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user CSRF - Cross Site Request Forgery. This requires the victim to be tricked into clicking a malicious link or opening a malicious website while bei...

8.8CVSS7.9AI score0.00483EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49902

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with access to the infrastructure where the software executes can compromise the system. This may...

6CVSS5.8AI score0.0015EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49973

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Extensibility Framework component of the Oracle Enterprise Manager Base Platform. A high privileged...

8.2CVSS5.8AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 8:7 a.m.28 views

CVE-2026-50100

CVE-2026-50100 concerns privilege-escalation in printer drivers from Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. Affected software consists of multiple printer drivers; exploitation would allow an attacker who can log in to a host running an affected driver to elevate privileges by using a...

8.5CVSS7.4AI score0.00131EPSS
Exploits0References4
Rows per page
Query Builder