Lucene search
K

430 matches found

Nuclei
Nuclei
added yesterday103 views

Moodle - Remote Code Execution

Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system. id: CVE-2024-43425 info: name: Moodle - Remote Code Execution author:...

8.1CVSS7.2AI score0.83343EPSS
Exploits8References4
NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-53904

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as well as previously issued temporary passwords, furthermore, password resets are not limited in any way. An attacker who...

7.1CVSS0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 11:58 a.m.8 views

EUVD-2026-40950

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as well as previously issued temporary passwords, furthermore, password resets are not limited in any way. An attacker who...

7.1CVSS5.8AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:58 a.m.23 views

CVE-2026-53904

CVE-2026-53904 affects MCO; vulnerability is an Account Denial of Service due to improper password-reset implementation. The description across sources states that every reset request invalidates the current password and any issued temporary passwords, with no limits on reset requests. An attacke...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54830

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Account Denial of Service occurs due to the improper implementation of the password reset functionality. Each request to reset a password invalidates the current password and any previously issued temporary...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/27 1:27 a.m.9 views

EUVD-2026-39932

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References16
OSV
OSV
added 2026/06/23 10:27 p.m.3 views

GHSA-8C6H-7G6X-M5X4 phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)

Missing Authorization in API CategoryController — CVE-2026-24421 fixed BackupController by adding userHasPermissionPermissionType::BACKUP. The same fix was NOT applied to 4 other write endpoints in the public API. All 4 only call hasValidToken shared API key but never call userHasPermission,...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/11 12:0 a.m.16 views

A Bootiful Podcast: Spring Security lead Rob Winch answers some security questions for me

Hi Spring and security fans! I got the legendary Spring Security lead Rob Winch to answers some of my burning security questions for us! Also: make sure you're downloading all the updates for the new Spring releases this week, the week of June 11th, 2026! or later...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.14 views

CVE-2026-34905

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS5.4AI score0.00325EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/09 10:23 a.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 10:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 10:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 10:23 a.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 10:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.14 views

CVE-2026-34905

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 7:35 a.m.39 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 7:35 a.m.8 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

5.4AI score0.00325EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 7:35 a.m.1 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS5.9AI score0.00325EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 7:35 a.m.11 views

EUVD-2026-35372

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS5.4AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 7:35 a.m.33 views

CVE-2026-34905

CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...

6.5CVSS5.4AI score0.00325EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder