CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Trellix•added 2026/04/09 12:0 a.m.•3 views

How A Simple Misconfiguration Can Fuel Offline Attacker Tools

How A Simple Misconfiguration Can Fuel Offline Attacker Tools By Grant McDonald · April 9, 2026 It’s no secret that misconfigurations are a gateway for attackers. But that doesn’t mean misconfigurations won’t happen or that attackers won’t attempt to exploit them. In the latest research from our...

5.8AI score

Exploits0

Tenable Nessus•added 2026/04/08 12:0 a.m.•0 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006665 advisory. In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blkmqallocrequesthctx This patch prevents that test...

7.8CVSS6.6AI score0.00017EPSS

Patchstack•added 2026/04/07 11:20 p.m.•6 views

WordPress Backup Migration plugin <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability

Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin Backup Migration versions = 2.0.0...

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/07 4:26 p.m.•2 views

CVE-2025-14944 Backup Migration <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

Cvelist•added 2026/04/07 4:26 p.m.•17 views

CVE-2025-14944 Backup Migration <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage

5.3CVSS0.00051EPSS

CVE•added 2026/04/07 4:26 p.m.•3 views

CVE-2025-14944

The CVE concerns the WordPress Backup Migration plugin and affects all versions up to 2.0.0. Root cause: missing capability check in initializeOfflineAjax and insufficient nonce verification, with hardcoded tokens exposed in the plugin’s JavaScript. This allows unauthenticated attackers to trigge...

EUVD•added 2026/04/07 9:31 a.m.•1 views

EUVD-2026-19574

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

PyPA•added 2026/04/07 7:16 a.m.•9 views

Exploits1References3

PYSEC-2026-170

9.8CVSS7.3AI score0.00027EPSS

Exploits1References2Affected Software1

OSV•added 2026/04/07 7:16 a.m.•11 views

PYSEC-2026-170

9.8CVSS5.8AI score0.00027EPSS

Cvelist•added 2026/04/07 6:19 a.m.•25 views

CVE-2026-1114 Improper Access Control via Weak JWT Token in parisneo/lollms

9.8CVSS0.00027EPSS

ATTACKERKB•added 2026/04/07 6:19 a.m.•4 views

CVE-2026-1114

CVE•added 2026/04/07 6:19 a.m.•10 views

Exploits1References3

CVE-2026-1114

CVE-2026-1114 affects parisneo/lollms 2.1.0. The issue is an improper access control flaw caused by signing JWTs with a weak secret key, enabling an offline brute‑force to recover the key. With the cracked secret, an attacker can forge administrative tokens, modify the JWT payload, and resigns to...

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/07 6:19 a.m.•2 views

CVE-2026-1114 Improper Access Control via Weak JWT Token in parisneo/lollms

Positive Technologies•added 2026/04/07 12:0 a.m.•3 views

PT-2026-30796

Name of the Vulnerable Software and Affected Versions parisneo/lollms versions prior to 2.2.0 Description Session management is subject to improper access control because a weak secret key is used for signing JSON Web Tokens JWT. This allows an attacker to conduct an offline brute-force attack to...

9.8CVSS8.6AI score0.00027EPSS

Exploits1References6

CNNVD•added 2026/04/07 12:0 a.m.•5 views

LoLLMs 安全漏洞

LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Version 2.1.0 of LoLLMs contains a security vulnerability. This vulnerability arises from the use of weak keys for signing JSON Web Tokens, leading to improper access control. This could allow attackers to...

9.8CVSS7.3AI score0.00027EPSS

Positive Technologies•added 2026/04/07 12:0 a.m.•5 views

PT-2026-30901