Lucene search
+L

199 matches found

Snyk
Snyk
added 2026/07/09 9:2 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the deleteUserReaction process. An attacker can access and manipulate sensitive database information by injecting crafted SQL through the idreaction and id URL path parameters as an authenticated user. Remediation...

8.8CVSS6.1AI score0.00034EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 7:16 p.m.9 views

CVE-2026-13743

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 6:35 p.m.7 views

EUVD-2026-41419

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:40 p.m.2 views

GHSA-J9PP-7WFG-Q7FJ Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines

Summary A memory-safety vulnerability in Open Babel's ChemKin parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in ChemKinFormat::ReadReactionQualifierLines. A malformed reaction qualifier record caused the parser to dereference a NULL pointer. Impac...

5.5CVSS5.8AI score0.00187EPSS
Exploits1References9
OSV
OSV
added 2026/06/18 8:13 p.m.6 views

GHSA-FCVX-5CXC-V5P8 OpenClaw: Slack reaction events could ignore reaction notification settings

Summary Slack reaction events could ignore reaction notification settings. In affected versions, a Slack reaction event delivered to the configured app could enter the agent pipeline even when reaction notifications were disabled. This advisory is scoped to the named feature and configuration. It...

6.3CVSS5.6AI score0.00191EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:17 p.m.18 views

CVE-2026-53851

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading ...

6.3CVSS0.00191EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 8:23 p.m.9 views

CVE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.13 views

CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.5AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 5:16 p.m.19 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

5.3CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 5:16 p.m.16 views

CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:8 p.m.9 views

CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 4:8 p.m.10 views

CVE-2026-40314 NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 4:8 p.m.3 views

CVE-2026-40314 NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 4:8 p.m.14 views

EUVD-2026-33976

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 4:8 p.m.22 views

CVE-2026-40314

NamelessMC (Minecraft server website software) 2.2.4 is affected by an authorization issue where core/classes/Misc/ProfilePostReactionContext.php only verifies the wall post exists and fails to enforce blocked/private-profile visibility, while modules/Core/queries/reactions.php permits unauthenti...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45802

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.16 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/30 9:29 a.m.54 views

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS0.00593EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2026/05/30 9:29 a.m.11 views

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:29 a.m.12 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References13
Rows per page
Query Builder