Lucene search
K

5029 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-24545

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

4.3CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-22618

A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.4AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39655

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

5.3CVSS5.4AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-7891

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...

9.3CVSS5.5AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.8 views

CVE-2026-3324

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration...

8.2CVSS5.5AI score0.01323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.1AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45209

Missing Authorization vulnerability in edwardplainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161...

7.5CVSS5.4AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-28201

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration i...

8.7CVSS5.7AI score0.00144EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 10:27 p.m.13 views

CVE-2024-27890 On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6CVSS5.5AI score0.0443EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.14 views

The Coverage Gap: Chile's Cyber Disclosure Framework Versus the USA, EU and UK

We introduce the Coverage Gap as a measurable distance between the observable public exposure of critical-infrastructure operators and their declared capability to coordinate vulnerability disclosure. We instantiate it against the 915 Chilean Operadores de Importancia Vital OIVs -- Operators of...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/02 3:48 p.m.79 views

Exploit for OS Command Injection in Gnu Bash

HackTheBox: Shocker Writeup A structured and professional walk...

10CVSS7.6AI score0.99999EPSS
Exploits131
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:1 p.m.12 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 2:1 p.m.11 views

EUVD-2026-33931

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 12:16 p.m.14 views

CVE-2026-42670

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

7.5CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 10:16 a.m.19 views

CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 10:16 a.m.12 views

CVE-2025-53346

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...

4.3CVSS0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 8:56 a.m.11 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

5.8AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 8:56 a.m.244 views

CVE-2026-41115

Summary: CVE-2026-41115 describes an improper authorization issue in Apache Kafka related to the CONSUMER_GROUP_DESCRIBE API. The vulnerability discussion notes a discrepancy between ACLs and documented permissions, but states that the correct permission for the API is DESCRIBE GROUP and that the...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45717

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder