381 matches found

Source: CVE, added 2026/03/19 9:21 p.m. (11 views)

CVE-2026-32752

FreeScout (PHP Laravel) prior to 1.8.209 is affected by a broken access control in ThreadPolicy::edit() that lets any authenticated user read and modify all customer messages across all mailboxes. The underlying issue enables silent modification of customer messages and bypasses mailbox-permissio...

CVSS 8.1, AI score 5.7, EPSS 0.00283
Exploits 1, References 3, Affected Software 1
Source: Positive Technologies, added 2026/03/10 12:00 a.m. (5 views)

PT-2026-24154

Name of the vulnerable software and affected versions: SAP NetWeaver Application Server for ABAP (affected versions not specified). Description: A missing authorization check in SAP NetWeaver Application Server for ABAP allows an authenticated attacker to execute a specific ABAP function module. This...

CVSS 6.4, AI score 5.6, EPSS 0.00205
Exploits 0, References 8
Source: Cvelist, added 2026/03/05 9:59 p.m. (26 views)

CVE-2026-28450 OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints

OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...

CVSS 8.3, EPSS 0.0034
Exploits 0, References 3
Source: RedhatCVE, added 2026/03/03 1:37 p.m. (5 views)

CVE-2026-3431

In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

CVSS 9.8, AI score 6, EPSS 0.00352
Exploits 0, References 1
Source: Cvelist, added 2026/02/26 10:14 p.m. (18 views)

CVE-2026-27638 ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user (OpenID) mode, the sync API endpoints under /sync/ do not verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budge...

CVSS 7.1, EPSS 0.00295
Exploits 1, References 3
Source: RedhatCVE, added 2026/02/25 4:17 p.m. (6 views)

CVE-2025-13776

Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker on the local network who knows the default credentials is able to read and edit database content. This vulnerability has been fixed in versions: Finka-FK 18.5, Finka-KPR...

CVSS 8.6, AI score 5.3, EPSS 0.0015
Exploits 0, References 1
Source: OSV, added 2026/02/24 5:29 p.m. (4 views)

CVE-2025-13776

Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker on the local network who knows the default credentials is able to read and edit database content. This vulnerability has been fixed in versions: Finka-FK 18.5, Finka-KPR...

CVSS 7.1, AI score 5.7, EPSS 0.0015
Exploits 0, References 2
Source: NVD, added 2026/02/24 5:29 p.m. (6 views)

CVE-2025-13776

Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker on the local network who knows the default credentials is able to read and edit database content. This vulnerability has been fixed in versions: Finka-FK 18.5, Finka-KPR...

CVSS 8.6, EPSS 0.0015
Exploits 0, References 2
Source: CVE, added 2026/02/18 2:53 p.m. (20 views)

CVE-2026-23230

CVE-2026-23230 is a Linux kernel local race in the SMB/CIFS client code where cached_fid bitfields (is_open, has_lease, on_list) were updated via concurrent paths, causing read-modify-write races. The root cause is that these three flags shared a single byte, so an update to one could overwrite o...

CVSS 8.8, AI score 5.4, EPSS 0.00218
Exploits 0, References 7, Affected Software 1
Source: CNNVD, added 2026/02/18 12:00 a.m. (8 views)

Linux kernel security vulnerability

The Linux kernel is the kernel of the Linux operating system, developed by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, caused by bit fields sharing a single byte, which can lead to read-modify-write races...

CVSS 8.8, AI score 5.8, EPSS 0.00218
Exploits 0, References 6
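The byte-sharing root cause named in the two Linux kernel entries above can be replayed without threads. The block below is an added illustration, not kernel code: it packs a flags byte with the advisory's three flag names (bit positions are assumed), replays one interleaving of two non-atomic bitfield stores to show the lost update, and then performs the same two updates as atomic read-modify-writes, which is the usual remedy for this class of bug (the kernel's own fix is not reproduced here).

```javascript
// Added illustration (not kernel code): three one-bit flags packed in a
// single byte, with the flag names from the advisory. Bit positions are
// assumed for the demo.
const IS_OPEN   = 1 << 0;
const HAS_LEASE = 1 << 1;
const ON_LIST   = 1 << 2;

// A store to one bitfield is a read-modify-write of the whole containing
// byte. Splitting it into its two halves lets an interleaving be replayed
// deterministically instead of hoping a thread race reproduces it.
function loadByte(mem) { return mem[0]; }
function storeMerged(mem, snapshot, mask) { mem[0] = snapshot | mask; }

// Interleaving: A loads, B loads, A stores is_open, B stores has_lease.
// B's store is built from a snapshot taken before A's bit landed, so it
// writes that bit back to 0: the is_open update is lost.
function raceBitfields() {
  const mem = new Uint8Array(1);    // shared byte, all flags clear
  const a = loadByte(mem);          // writer A snapshots the byte
  const b = loadByte(mem);          // writer B snapshots the same byte
  storeMerged(mem, a, IS_OPEN);
  storeMerged(mem, b, HAS_LEASE);
  return mem[0];
}

// Remedy for this class of bug: make each flag update one atomic
// read-modify-write on the shared word (in C, atomic bit operations on a
// flags word rather than plain bitfield stores). There is no load/store
// window for a second writer to land in, so no interleaving loses a bit.
function atomicFlags() {
  const mem = new Uint8Array(new SharedArrayBuffer(1));
  Atomics.or(mem, 0, IS_OPEN);      // writer A
  Atomics.or(mem, 0, HAS_LEASE);    // writer B
  return Atomics.load(mem, 0);
}

// Names of the flags set in a byte, for readable output.
function flagNames(byte) {
  const names = [];
  if (byte & IS_OPEN)   names.push('is_open');
  if (byte & HAS_LEASE) names.push('has_lease');
  if (byte & ON_LIST)   names.push('on_list');
  return names;
}

console.log('non-atomic:', flagNames(raceBitfields()));   // is_open is lost
console.log('atomic:    ', flagNames(atomicFlags()));
```

The replayed interleaving is only one of several that lose a bit; any schedule where a writer's store uses a snapshot older than another writer's store has the same effect, which is why the fix has to remove the window rather than reorder the code.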
Source: Redos, added 2026/02/16 12:00 a.m. (7 views)

ROS-20260216-73-0031

A vulnerability in the Networking component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access ...

CVSS 6.1, AI score 5.6, EPSS 0.00261
Exploits 1
Source: NVD, added 2026/02/10 7:16 a.m. (11 views)

CVE-2026-2096

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVSS 9.8, EPSS 0.00519
Exploits 0, References 3
Source: ATTACKERKB, added 2026/02/10 6:59 a.m. (4 views)

CVE-2026-2096

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVSS 9.8, AI score 5.5, EPSS 0.00519
Exploits 0, References 4
Source: Vulnrichment, added 2026/02/10 6:59 a.m. (3 views)

CVE-2026-2096 Flowring|Agentflow - Missing Authentication

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVSS 9.8, AI score 5.5, EPSS 0.00519
Exploits 0, References 3
Source: Cvelist, added 2026/02/10 6:59 a.m. (23 views)

CVE-2026-2096 Flowring|Agentflow - Missing Authentication

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVSS 9.8, EPSS 0.00519
Exploits 0, References 3
Source: ATTACKERKB, added 2026/02/10 6:47 a.m. (4 views)

CVE-2026-2094

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8, AI score 6.3, EPSS 0.00319
Exploits 0, References 3, Affected Software 1
Source: CVE, added 2026/02/10 6:47 a.m. (16 views)

CVE-2026-2094

CVE-2026-2094 concerns Docpedia (Flowring) with a SQL Injection flaw. The described impact: authenticated remote attackers can inject arbitrary SQL to read, modify, and delete database contents. The connected sources (NVD/Red Hat/CVE listing and other feeds) reiterate the same description; no con...

CVSS 8.8, AI score 6.3, EPSS 0.00319
Exploits 0, References 2
Source: ATTACKERKB, added 2026/02/09 7:09 a.m. (4 views)

CVE-2026-2234

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...

CVSS 9.3, AI score 5.5, EPSS 0.00449
Exploits 0, References 3
Source: RedhatCVE, added 2026/01/29 9:24 a.m. (11 views)

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

CVSS 5.3, AI score 5.9, EPSS 0.00194
Exploits 0, References 1
Source: NVD, added 2026/01/28 8:16 a.m. (9 views)

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

CVSS 4.3, EPSS 0.00194
Exploits 0, References 5
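Several entries above describe the same defect with different names: the Actual /sync/ endpoints, FreeScout's ThreadPolicy::edit(), and the Document Embedder IDOR all authenticate the caller but never tie the caller to the specific object named in the request. The following is an added example, written here in plain JavaScript and not taken from any of those projects; the users, session tokens, file IDs, header name and handler names are constructed for illustration. It puts the authenticate-only handler next to one that also authorizes against the requested file, and shows a logged-in second user overwriting the first user's file through the former and being refused by the latter.

```javascript
// Added example (plain JavaScript, not code from Actual, FreeScout or any
// other project on this page): a sync endpoint that only authenticates, next
// to one that also authorizes the caller against the requested file.
// All users, session tokens and files below are constructed for the demo.
const users = new Map([
  ['sess-alice', { id: 'alice' }],
  ['sess-bob',   { id: 'bob' }],
]);
const files = new Map([
  ['file-1', { owner: 'alice', sharedWith: [], blob: 'alice-budget-v1' }],
  ['file-2', { owner: 'bob',   sharedWith: [], blob: 'bob-budget-v1' }],
]);

function httpError(status, message) {
  return Object.assign(new Error(message), { status });
}

// Authentication answers "who is calling?"; it says nothing about what the
// caller may touch. The header name is hypothetical.
function authenticate(req) {
  const user = users.get(req.headers['x-session-token']);
  if (!user) throw httpError(401, 'unauthenticated');
  return user;
}

// Vulnerable shape: the fileId from the URL is used as-is once the caller is
// logged in, so any account can overwrite any file it can name or enumerate.
function syncUploadVulnerable(req) {
  authenticate(req);
  const file = files.get(req.params.fileId);
  if (!file) throw httpError(404, 'not found');
  file.blob = req.body.blob;
  return { status: 200 };
}

// Fixed shape: authorization is a decision about (user, resource), evaluated
// on every request. Unknown and unauthorized files return the same 404 so the
// endpoint does not confirm which fileIds exist.
function canAccess(user, file) {
  return file.owner === user.id || file.sharedWith.includes(user.id);
}

function loadAuthorizedFile(user, fileId) {
  const file = files.get(fileId);
  if (!file || !canAccess(user, file)) throw httpError(404, 'not found');
  return file;
}

function syncUploadFixed(req) {
  const user = authenticate(req);
  loadAuthorizedFile(user, req.params.fileId).blob = req.body.blob;
  return { status: 200 };
}

function syncDownloadFixed(req) {
  const user = authenticate(req);
  return { status: 200, blob: loadAuthorizedFile(user, req.params.fileId).blob };
}

// Runs a handler the way a router would, turning thrown errors into statuses.
function call(handler, req) {
  try { return handler(req); } catch (e) { return { status: e.status || 500 }; }
}

// Bob, logged in with his own session, targets Alice's file through both
// handlers. Returns what each one did so the outcome can be inspected.
function demo() {
  const bobOnAlice = {
    headers: { 'x-session-token': 'sess-bob' },
    params: { fileId: 'file-1' },
    body: { blob: 'tampered' },
  };
  const original = files.get('file-1').blob;
  const vuln = call(syncUploadVulnerable, bobOnAlice).status;
  const afterVuln = files.get('file-1').blob;
  files.get('file-1').blob = original;          // undo before the second run
  const fixed = call(syncUploadFixed, bobOnAlice).status;
  const afterFixed = files.get('file-1').blob;
  return { vuln, afterVuln, fixed, afterFixed };
}

console.log(demo());
```

The check lives in one loader that every sync handler goes through, which is the property to look for when reviewing a fix of this kind: an ownership test added to one route leaves the others exactly as exposed as before.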