Lucene search
+L

1800 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-11866

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS0.00095EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-44871

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS6.1AI score0.00095EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-11866 LatePoint < 5.6.3 - Multiple Privileged Actions via CSRF

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

0.00095EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-62656

A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation...

6.8CVSS0.00163EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-62656

The CVE-2026-62656 entry concerns post-authenticated command injection affecting certain NETGEAR RAX models. A logged-in user can send specially crafted requests to the router to run unauthorized commands, enabling changes to the router and impacting security/operation. The vulnerability targets ...

6.8CVSS6.1AI score0.00163EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-52840

Affected software: Easy!Appointments (self-hosted) prior to 1.6.0. Vulnerability: Server-Side Request Forgery (SSRF) in the CalDAV connection test. In Caldav::connect_to_server (application/controllers/Caldav.php:60), the request’s caldav_url is handed to a Guzzle REPORT call without proper schem...

2.7CVSS6.2AI score0.00186EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 6:16 a.m.9 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 5:33 a.m.7 views

EUVD-2026-42007

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/27 6:0 a.m.46 views

CVE-2026-10820 ProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOR

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 4:17 p.m.11 views

CVE-2026-54303

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS0.00177EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/18 5:20 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the getDocumentContent GraphQL query and the REST endpoint /api/documentapi/documentapi/document/documentId/content. An attacker can access sensitive document contents belonging to...

7.1CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/06/17 10:53 a.m.13 views

CVE-2026-46815

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.2CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 6:0 a.m.19 views

CVE-2026-9570

Summary: CVE-2026-9570 affects the Taskbuilder WordPress plugin prior to 5.0.8. The vulnerability arises because a URL parameter is not properly sanitized before being echoed into inline JavaScript on a frontend page that uses a shortcode, causing a Reflected Cross-Site Scripting (XSS) vulnerabil...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

Bosch Security Systems IP Cameras Cross-Site Request Forgery (CVE-2021-23849)

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user CSRF - Cross Site Request Forgery. This requires the victim to be tricked into clicking a malicious link or opening a malicious website while bei...

8.8CVSS7.9AI score0.00483EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49902

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with access to the infrastructure where the software executes can compromise the system. This may...

6CVSS5.8AI score0.0015EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49973

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Extensibility Framework component of the Oracle Enterprise Manager Base Platform. A high privileged...

8.2CVSS5.8AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 8:7 a.m.28 views

CVE-2026-50100

CVE-2026-50100 concerns privilege-escalation in printer drivers from Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. Affected software consists of multiple printer drivers; exploitation would allow an attacker who can log in to a host running an affected driver to elevate privileges by using a...

8.5CVSS7.4AI score0.00131EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/10 3:15 a.m.9 views

CVE-2026-24724 File Station 5

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:7 a.m.17 views

EUVD-2026-35973

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

5.3CVSS5.5AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.20 views

CVE-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

5CVSS7.2AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder