Lucene search
+L

4453 matches found

nuclei
nuclei
added 2 days ago71 views

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

9.8CVSS7AI score0.208EPSS
Exploits1References5
osv
osv
added 6 days ago3 views

MAL-2026-10133 Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
ossf
ossf
added 6 days ago9 views

Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
attackerkb
attackerkb
added 6 days ago6 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References7
euvd
euvd
added 2026/07/09 8:31 a.m.8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
nvd
nvd
added 2026/07/09 8:16 a.m.5 views

CVE-2026-14245

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS0.00586EPSS
Exploits0References10
euvd
euvd
added 2026/07/09 6:0 a.m.6 views

EUVD-2026-42509

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 12:31 a.m.11 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
euvd
euvd
added 2026/07/09 12:31 a.m.8 views

EUVD-2026-42442

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score0.00139EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 10:17 p.m.6 views

CVE-2026-5923

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 10:17 p.m.7 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/08 9:39 p.m.6 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/08 9:29 p.m.6 views

CVE-2026-5923

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score0.00139EPSS
Exploits0References2
nvd
nvd
added 2026/07/01 5:16 a.m.9 views

CVE-2026-12113

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabcappointmentsfilterlist. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer...

4.3CVSS0.00228EPSS
Exploits0References8
nvd
nvd
added 2026/06/22 2:17 p.m.13 views

CVE-2026-7166

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

9.2CVSS0.00384EPSS
Exploits0References1
cve
cve
added 2026/06/22 12:47 p.m.11 views

CVE-2026-7166

CVE-2026-7166 affects the Assassin game by Gaudire. The API and local database expose sensitive data via the email and telefon fields, including data on minors and municipal users. This unauthenticated remote access could compromise confidentiality (CVSS 4.0 base 9.2, HIGH impact). No exploit or ...

9.2CVSS5.9AI score0.00384EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/22 12:47 p.m.31 views

CVE-2026-7166 Multiple vulnerabilities in the Assassin game by Gaudire

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

9.2CVSS0.00384EPSS
Exploits0References1
euvd
euvd
added 2026/06/22 12:47 p.m.9 views

EUVD-2026-38236

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

9.2CVSS5.9AI score0.00384EPSS
Exploits0References1
malwarebytes
malwarebytes
added 2026/06/19 11:47 a.m.11 views

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that...

8.8CVSS6AI score0.04372EPSS
Exploits0
euvd
euvd
added 2026/06/18 6:50 a.m.11 views

EUVD-2026-37864

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS5.4AI score0.00285EPSS
Exploits0References10
Rows per page
Query Builder