Lucene search
K

3432 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-5269

In Ciena's Navigator Network Control Suite NCS and Manage Control Plan MCP, there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker...

9.8CVSS0.00145EPSS
Exploits0References1
CVE
CVE
added 2 days ago17 views

CVE-2026-5269

Technical details about CVE-2026-5269 are not publicly available in the provided documents; no affected product versions, exploit information, or remediation specifics are included. Monitor for updates.

9.8CVSS6.1AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago39 views

CVE-2026-5269 Navigator NCS and MCP System Accounts with Default Passwords

In Ciena's Navigator Network Control Suite NCS and Manage Control Plan MCP, there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker...

0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-5270 Authentication Bypass in Navigator and Blue Planet Products

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...

0.00217EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago49 views

Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization

Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifyi...

5.3CVSS6.4AI score0.12719EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago318 views

Oracle E-Business Suite <=12.2 - Authentication Bypass

Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

7.5CVSS7AI score0.70589EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-12994 WCFM – Frontend Manager for WooCommerce <= 6.7.27 - Missing Authorization to Unauthenticated Arbitrary Inquiry Reply Injection via wcfm-my-account-enquiry-manage Controller

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS0.00361EPSS
Exploits0References12
Fedora
Fedora
added 6 days ago9 views

[SECURITY] Fedora 43 Update: k9s-0.51.0-2.fc43

Kubernetes CLI To Manage Your Clusters In Style!...

5.9AI score
Exploits0
NVD
NVD
added 2026/07/08 5:16 a.m.12 views

CVE-2026-9842

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 4:30 a.m.34 views

CVE-2026-9842 Backstage <= 1.4.2 - Unauthenticated Privilege Escalation via Permissive Demo Role Capabilities

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 4:30 a.m.14 views

CVE-2026-9842

The CVE-2026-9842 entry concerns the Backstage - Customizer Demo Access plugin for WordPress (up to version 1.4.2). The root cause is that the plugin assigns the manage_options capability to the backstage_customizer_user demo role, which is more permissive than required for a Demo Access/Customiz...

7.5CVSS6AI score0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 8:27 p.m.6 views

CVE-2026-55633 DataEase H2 RCE via Zip Protocol & File Dropper Fix bypass

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...

8.7CVSS6.3AI score0.00501EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-763 Zope Cross-site scripting (XSS) vulnerability in ZMI pages

Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

6.1CVSS5.9AI score0.02055EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

5.5CVSS0.00176EPSS
Exploits0References6
CVE
CVE
added 2026/06/30 8:21 p.m.17 views

CVE-2026-9106

The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:21 p.m.7 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:21 p.m.36 views

CVE-2026-9106 UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS0.00176EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 8:21 p.m.10 views

EUVD-2026-40407

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 1:18 p.m.10 views

CVE-2026-4629

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...

6.5CVSS0.0024EPSS
Exploits1References2
Rows per page
Query Builder