Lucene search
K

1200 matches found

Nuclei
Nuclei
added 5 hours ago38 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5CVSS7AI score0.39391EPSS
Exploits4References5
NVD
NVD
added yesterday4 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS0.00259EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-15574

The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...

7.5CVSS6AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-11869

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-11869

The CVE concerns WP DSGVO Tools (GDPR) WordPress plugin prior to 3.1.40. A missing authorization check on the immediate-processing path of the data subject access request feature allows unauthenticated attackers to generate and download the full personal-data export (name, postal address, phone n...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-11869 WP DSGVO Tools (GDPR) < 3.1.40 - Unauthenticated Sensitive Information Disclosure via Subject Access Request

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56808

Name of the Vulnerable Software and Affected Versions AcyMailing versions prior to 10.11.1 Description An unauthenticated SQL injection flaw exists in the AcyMailing component for Joomla. This issue allows a remote attacker to execute crafted SQL queries to gain unauthorized access to the databas...

9.2CVSS6.1AI score0.00263EPSS
Exploits1References6
NVD
NVD
added 6 days ago10 views

CVE-2026-56226

Capgo Cap-go/capgo before 12.128.2 exposes the Supabase PostgREST RPC function public.getorgsv6userid uuid, which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the...

8.7CVSS0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

MAL-2026-10233 Malicious code in sams-sr-sdk-h5 (npm)

The sams-sr-sdk-h5 package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'sams' internal...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

MAL-2026-10236 Malicious code in tme-xca (npm)

The tme-xca package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' Travel Mall /...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.4 views

Malicious code in tme-xca (npm)

The tme-xca package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' Travel Mall /...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.4 views

Malicious code in @logdna-web/styles (npm)

The @logdna-web/styles package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @logdna-w...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.4 views

Malicious code in @logdna-web/shared (npm)

The @logdna-web/shared package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @logdna-w...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.4 views

Malicious code in @idms-corp/auth-ui (npm)

The @idms-corp/auth-ui package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @idms-cor...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

MAL-2026-10222 Malicious code in @flex-ng/filter-pipe (npm)

The @flex-ng/filter-pipe package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @flex-n...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55642

Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An issue in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. Recommendations At the moment, there is no...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 8:33 a.m.8 views

EUVD-2026-41263

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References12
NVD
NVD
added 2026/06/30 7:16 a.m.12 views

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 5:16 p.m.25 views

CVE-2026-56782

Gorse before 0.5.10 contains an authentication bypass vulnerability affecting the /api/dump and /api/restore endpoints. When admin_api_key is empty (default configuration), unauthenticated remote attackers can access protected functionality, enabling either exfiltration of the entire database (in...

9.8CVSS5.8AI score0.03016EPSS
Exploits2References4
NVD
NVD
added 2026/06/27 6:16 a.m.10 views

CVE-2026-12404

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00281EPSS
Exploits0References8
Rows per page
Query Builder