23 matches found

Opera Security Advisories
added 2026/05/29 12:0 a.m., 15 views

Why browsing with Opera’s VPN is safer

May 29th, 2026. A virtual private network (VPN) is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01654
Exploits: 4, References: 1

Malwarebytes
added 2026/04/29 10:52 a.m., 9 views

Scam-checking just got a lot easier: Malwarebytes is now in Claude

For years, Malwarebytes has protected people by going where they are, and where people are today is increasingly within AI tools. As these chatbots tackle more everyday questions—like what to wear for an interview, how to replace a pendant light in the home, and where to eat during upcoming...

AI score: 5.7
Exploits: 0

EUVD
added 2026/04/17 11:29 p.m., 5 views

EUVD-2026-23599

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00335
Exploits: 0, References: 3

CVE
added 2026/03/25 11:40 p.m., 13 views

CVE-2026-33933

OpenEMR CVE-2026-33933 affects versions 7.0.2.1 through 8.0.0.2 (up to but not including 8.0.0.3). A reflected XSS in the custom template editor arises from an unescaped contextName parameter, allowing an attacker to execute arbitrary JavaScript in an authenticated staff member’s browser session ...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00271
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/03/25 11:40 p.m., 6 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00271
Exploits: 1, References: 4

Cvelist
added 2026/03/25 11:40 p.m., 27 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

CVSS: 6.1, EPSS: 0.00271
Exploits: 1, References: 4

EUVD
added 2026/03/25 11:40 p.m., 2 views

EUVD-2026-16040

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00271
Exploits: 1, References: 4

OSV
added 2026/03/25 11:40 p.m., 3 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

CVSS: 6.1, AI score: 6, EPSS: 0.00271
Exploits: 1, References: 6

Positive Technologies
added 2026/02/12 12:0 a.m., 14 views

PT-2026-7819

The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...

AI score: 5.4, EPSS: 0.00366
Exploits: 0, References: 2

RedhatCVE
added 2026/01/27 9:23 p.m., 10 views

CVE-2026-24436

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00418
Exploits: 0, References: 1

Cvelist
added 2026/01/26 5:40 p.m., 24 views

CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

CVSS: 9.2, EPSS: 0.00418
Exploits: 0, References: 2

Packet Storm
added 2026/01/23 12:0 a.m., 130 views

Soosyze CMS 2.0 Brute Forcer

Soosyze CMS version 2.0 authentication brute forcing tool that leverages an absence of rate limiting on the /user/login endpoint. Title: Soosyze CMS 2.0...

CVSS: 5.4, AI score: 5.5, EPSS: 0.0081
Exploits: 3

CNNVD
added 2026/01/08 12:0 a.m., 4 views

GL.iNet AX1800 Security Vulnerability

The GL.iNet AX1800 is a wireless router from China's Guanglian Intelligent Communication (GL.iNet). A security vulnerability exists in GL.iNet AX1800 versions 4.6.4 and 4.6.8, which stems from a lack of rate limiting or account locking mechanism in the authenticated endpoints, which could lead t...

CVSS: 5.1, AI score: 6.5, EPSS: 0.00214
Exploits: 1, References: 3

Opera Security Advisories
added 2025/07/10 12:0 a.m., 11 views

Why browsing with Opera’s VPN is safer

July 10th, 2025. A virtual private network (VPN) is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...

CVSS: 8.8, AI score: 7.2, EPSS: 0.2202
Exploits: 12, References: 1

RedhatCVE
added 2025/05/23 8:59 a.m., 7 views

CVE-2024-6695

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00796
Exploits: 1, References: 1

OSV
added 2025/01/11 7:15 a.m., 6 views

CVE-2024-42173

HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known...

CVSS: 4.8, AI score: 5.8
Exploits: 0, References: 1

OSV
added 2024/07/31 6:15 a.m., 8 views

CVE-2024-6695

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00796
Exploits: 1, References: 1

VulnCheck KEV
added 2024/07/23 12:0 a.m., 4 views

VulnCheck KEV: CVE-2024-6695

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00796
Exploits: 1, References: 1

wpexploit
added 2023/05/01 12:0 a.m., 132 views

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin. When there is no account connected, make a logged in admin open...

AI score: 8.7, EPSS: 0.00458
Exploits: 2

OSV
added 2021/10/19 1:15 p.m., 4 views

CVE-2021-38486

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to...

CVSS: 8.5, AI score: 7.4, EPSS: 0.00751
Exploits: 0, References: 1