Lucene search
K

15 matches found

CVE
CVE
added 2 days ago13 views

CVE-2026-12994

Technical details are not publicly available in the provided documents. The description summarizes the vulnerability but lacks concrete affected versions, components, and remediation specifics beyond general impact. Monitor for updates.

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
CERT
CERT
added 5 days ago5 views

Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls

Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...

7.5CVSS5.9AI score0.00303EPSS
Exploits0
NVD
NVD
added last week7 views

CVE-2026-34167

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...

5CVSS0.00199EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 6:16 p.m.10 views

CVE-2026-31245

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

5.3CVSS0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40273

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/sync cm.go performs zero authorization checks on all CRUD operations create, read,...

8.5CVSS5.7AI score0.00515EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/17 5:29 a.m.8 views

CVE-2026-5797

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

5.3CVSS6AI score0.00519EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/03/16 12:0 a.m.28 views

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25793

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.8 views

PT-2026-22577

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

8.8CVSS5.9AI score0.00215EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.11 views

SourceCodester Customer Support System 安全漏洞

The SourceCodester Customer Support System is an open-source customer support system developed by SourceCodester. Version 1.0 of the SourceCodester Customer Support System contains security vulnerabilities. These vulnerabilities stem from the AJAX scheduler in the ajax.php file, which lacks...

9.4CVSS5.8AI score0.00546EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

SAP ABAP Platform 安全漏洞

SAP ABAP Platform is an ABAP-based SAP solution developed by the German company SAP. There is a security vulnerability in SAP ABAP Platform, which stems from the unauthorized activation of functional modules that fail to perform necessary authorization checks on verified users. This vulnerability...

5CVSS5.8AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 9:22 p.m.5 views

GHSA-F632-VM87-2M2F qdrant has arbitrary file write via `/logger` endpoint

Summary It is possible to append to arbitrary files via /logger endpoint. Minimal privileges are required read-only access. Tested on Qdrant 1.15.5 Details POST /logger Source code link endpoint accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...

8.5CVSS6.2AI score0.0049EPSS
Exploits1References5
NVD
NVD
added 2025/12/13 4:16 p.m.4 views

CVE-2025-14366

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

5.3CVSS0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2021-11890

Malware in sbrugna...

5.3CVSS5.3AI score0.00519EPSS
Exploits2References2
OSV
OSV
added 2023/03/14 5:15 a.m.3 views

CVE-2023-27268

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

5.3CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder