Lucene search
K

162611 matches found

NVD
NVD
added 32 minutes ago2 views

CVE-2026-9571

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS
Exploits0References1
NVD
NVD
added 32 minutes ago2 views

CVE-2026-10106

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS
Exploits0References1
GithubExploit
GithubExploit
added 1 hour ago10 views

Exploit for CVE-2026-57830

Helix Ultimate Framework — Unauthenticated Path-Traversal Arbi...

8.8CVSS6AI score
Exploits1
Cvelist
Cvelist
added 1 hour ago8 views

CVE-2026-10106 Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS
Exploits0References1
CVE
CVE
added 1 hour ago6 views

CVE-2026-10106

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS
Exploits0References1
CVE
CVE
added 1 hour ago8 views

CVE-2026-9571

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago8 views

CVE-2026-9571 Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS
Exploits0References1
The Hacker News
The Hacker News
added 2 hours ago3 views

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bashhistory. From that one lapse, French security firm Lexfo...

6.2AI score
Exploits0
NVD
NVD
added 2 hours ago3 views

CVE-2026-11963

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

Exploits0References1
F5 Networks
F5 Networks
added 3 hours ago3 views

K000162204: Linux kernel vulnerability CVE-2025-37789

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

7.8CVSS6AI score0.00179EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-11963

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

Exploits0References1
Cvelist
Cvelist
added 3 hours ago6 views

CVE-2026-11963 User Registration & Membership < 5.2.2 - Subscriber+ Cross-User Role and Membership Tier Modification via IDOR

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

Exploits0References1
CVE
CVE
added 3 hours ago5 views

CVE-2026-11963

The CVE-2026-11963 entry concerns the WordPress plugin “User Registration & Membership” (up to version 5.2.1). It states that an authorization check is missing for a membership-upgrade action and that the target user is selected using a caller-supplied identifier rather than the current user. Thi...

6.1AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43284

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

6.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 4 hours ago11 views

Exploit for CVE-2026-5118

CVE-2026-5118 — Divi Form Builder ≤ 5.1.2 Unauthenticated Pr...

9.8CVSS6.1AI score0.00487EPSS
Exploits5
GithubExploit
GithubExploit
added 4 hours ago10 views

Exploit for Use After Free in Linux Linux_Kernel

Mi 8e5 Unlock Toolkit Automated bootloader unlock assistant f...

7.8CVSS6.8AI score0.00125EPSS
Exploits9
Positive Technologies
Positive Technologies
added 9 hours ago4 views

PT-2026-57631

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 9 hours ago2 views

Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 9 hours ago3 views

PT-2026-57662

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added 9 hours ago3 views

PT-2026-57655

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS
Exploits0References2
Rows per page
Query Builder