Lucene search
+L

31 matches found

EUVD
EUVD
added 2026/06/30 3:56 p.m.8 views

EUVD-2026-40356

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:56 p.m.7 views

CVE-2026-58176

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 3:56 p.m.3 views

CVE-2026-58176 RuoYi-Vue-Plus - Missing Authorization on Workflow Task Management Endpoints

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS6AI score0.00264EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 12:16 p.m.23 views

CVE-2026-56422

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS0.00362EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48953

Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow platform affected versions not specified Description A flaw in the onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to...

8.8CVSS5.3AI score0.00312EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48499

🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...

5.5CVSS5.2AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 6:9 p.m.56 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/16 3:31 a.m.11 views

EUVD-2026-23145

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References5
NVD
NVD
added 2026/04/11 2:16 a.m.5 views

CVE-2026-3371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS0.00358EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/07 10:0 p.m.5 views

CVE-2026-39934 Growth Experiments ReassignMenteesJob runs as an infinite loop

Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...

6.9CVSS5.9AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 11:18 a.m.19 views

CVE-2026-3139

The CVE-2026-3139 vulnerability affects the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” up to version 3.15.5. The issue is insecure direct object reference via wppb_save_avatar_value(), caused by missing validation on a user-contro...

4.3CVSS6AI score0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/28 9:47 p.m.5 views

CVE-2026-28557 wpForo Forum < 2.4.16 Privilege Escalation via Role Synchronization Handler

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

7.1CVSS5.9AI score0.00274EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/28 9:47 p.m.7 views

CVE-2026-28557

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

7.1CVSS6AI score0.00274EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.12 views

PT-2026-3517

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with...

5.4CVSS5.5AI score0.00188EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/16 2:49 p.m.6 views

CVE-2025-12900

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible f...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 3:15 p.m.4 views

CVE-2025-12900

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible f...

4.3CVSS0.00227EPSS
Exploits0References2
CVE
CVE
added 2025/12/15 2:25 p.m.10 views

CVE-2025-12900

The CVE-2025-12900 entry concerns the WordPress FileBird plugin (FileBird – WordPress Media Library Folders & File Manager) with a vulnerability in all versions up to 6.5.1. Root cause: missing authorization in ConvertController::insertToNewTable due to insufficient validation on a user-controlle...

4.3CVSS5.5AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25176

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2025/08/19 1:12 p.m.20 views

CVE-2025-4046

CVE-2025-4046 describes a Missing Authorization vulnerability in Lexmark Cloud Services badge management that could allow reassigning badges within an organization. Affected surface: Lexmark Cloud Services badge management component; root cause: insufficient access control enabling unauthorized r...

8.5CVSS6.5AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.4 views

Lexmark Cloud Services 安全漏洞

Lexmark Cloud Services is a cloud-based suite of services from Lexmark, Inc. A security vulnerability exists in Lexmark Cloud Services that stems from a lack of authorization for badge management and could allow an attacker to reassign badges within an organization...

8.5CVSS6.7AI score0.00279EPSS
Exploits0References2
Rows per page
Query Builder