Lucene search
K

1731 matches found

EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-40459

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS5.9AI score
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-55721

The CVE-2026-55721 entry describes a SQL injection vulnerability in StoneFly Storage Concentrator (SC & SCVM). The issue arises when cookie values are processed by login.pl and debug.pl, with the cookie data directly embedded into database queries without proper sanitization. This allows an unaut...

9.3CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added yesterday14 views

CVE-2026-58376 Dolibarr - SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints

Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injection vulnerability that allows authenticated API users to exfiltrate arbitrary database contents by supplying malicious values to the sqlfilters query parameter in the setup dictionary and multicurrencies REST API endpoints. Th...

7.6CVSS
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-58376

Dolibarr

7.6CVSS6AI score
Exploits0References4
CVE
CVE
added 2 days ago14 views

CVE-2026-40522

FrontAccounting

7.1CVSS6AI score0.00148EPSS
Exploits0References4
NVD
NVD
added 6 days ago5 views

CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

6.7CVSS0.00106EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39431

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

6.7CVSS5.8AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-9651

Technical details about CVE-2026-9651 are not provided in the supplied documents. Public sources summarize CWE-732; monitor for updates from NVD, CVE listings, and vuln enrichment feeds.

6.7CVSS5.8AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

6.7CVSS0.00106EPSS
Exploits0References1
Nuclei
Nuclei
added 6 days ago54 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS7.7AI score0.99597EPSS
Exploits3References4
NVD
NVD
added last week8 views

CVE-2026-53949

Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database password hashes were fully...

5.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added last week12 views

CVE-2026-53949

Summary (CVE-2026-53949) Ghost CMS (Node.js). Affected versions: 5.46.1–6.21.2. Description: validation on filters for public API endpoints could be partially bypassed, enabling disclosure of private fields via brute-force. Impact depends on database: with SQLite, password hashes were fully acces...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-38748

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:0 a.m.6 views

EUVD-2026-38697

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary...

7.7CVSS6AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:0 a.m.14 views

CVE-2026-9710

The CVE covers the premium Cornerstone WordPress component bundled with X Theme, affected versions before 7.8.8. Root cause: a CSS-preview request handler did not enforce capability checks and exposed the nonce to every logged-in user on wp-admin pages. Impact: any authenticated user can evaluate...

7.7CVSS6AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:0 a.m.34 views

CVE-2026-9710 Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary...

0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38689

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS6AI score0.00347EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51702

Name of the Vulnerable Software and Affected Versions Cornerstone WordPress plugin versions prior to 7.8.8 Description The premium Cornerstone page builder, bundled with the X theme, fails to enforce capability checks on a CSS-preview request handler. Additionally, the nonce required to call this...

7.7CVSS5.9AI score0.00219EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:54 p.m.4 views

CVE-2026-53632

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS6AI score0.00322EPSS
Exploits0References2Affected Software3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in the ‘deref’ plugin of 389-ds-base, where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

6.5CVSS6.7AI score0.013EPSS
Exploits0References2
Rows per page
Query Builder