Lucene search
K

163 matches found

CVE
CVE
added 3 days ago12 views

CVE-2026-57952

Mythic before 3.4.0.60 contains an authorization bypass in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpo...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-40169

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6CVSS5.8AI score0.00171EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Protection was added to the device queue against concurrent access. In the dasdprofilestart function, the number of requests on the device queue is counted. However, access to the device queue is not protected against...

5.5CVSS5.1AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:16 a.m.16 views

CVE-2026-9185

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS0.00403EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

WordPress plugin 6Storage Rentals 安全漏洞

WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in WordPress Plugin...

7.5CVSS5.9AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-50213

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.4AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 7:39 a.m.7 views

CVE-2026-50213 Bulk User Private Data Harvesting

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:39 a.m.10 views

EUVD-2026-34225

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.8AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the account verification endpoint/v1/User/validate, which returns a full set of user profile data tables. It is possible to...

8.7CVSS5.3AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 12:0 a.m.10 views

EUVD-2026-31838

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.8 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

5.8AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.12 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

5.8AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.38 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-45157

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The TwigProfilerDumperHtmlDumper component fails to escape the output of Profile::getTemplate and Profile::getName when writing to HTML. If an attacker can control the template name—which may...

5.5AI score0.00037EPSS
Exploits0References12
Snyk
Snyk
added 2026/05/19 10:19 a.m.9 views

Insufficient Granularity of Access Control

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the user handler in the resource account service. An attacker...

5.3CVSS5.9AI score0.0037EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 5:5 p.m.5 views

GHSA-8QJV-JJ2Q-X832 Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-38263

Name of the Vulnerable Software and Affected Versions auth0-js versions 8.11.0 through 9.32.0 Description Improper validation in the Auth0.js SDK may allow the return of user profile data when a specifically crafted invalid ID token is used in conjunction with a valid access token. This issue...

7.1CVSS5.6AI score0.00211EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

WordPress plugin UsersWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00234EPSS
Exploits0References10
OSV
OSV
added 2026/03/27 7:10 a.m.2 views

BIT-DISCOURSE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's profile U...

6.5CVSS5.9AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 9:52 p.m.6 views

EUVD-2026-13332

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

4.3CVSS5.8AI score0.00302EPSS
Exploits0References1
Rows per page
Query Builder