Lucene search
K

619 matches found

Github Security Blog
Github Security Blog
added 2026/03/02 9:41 p.m.8 views

OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling

Summary An unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic fatal error: concurrent map writes and process termination. This...

7.5CVSS6.1AI score0.00394EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/02 7:42 p.m.5 views

Information Exposure

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Information Exposure via the POST /api/v2/auth/password/forgot endpoint. An attacker can determine whether a specific email address is registered by submitting password reset requests and analyzing the differing...

6.9CVSS6AI score0.00601EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/02 7:42 p.m.10 views

NocoDB Vulnerable to User Enumeration via Password Reset Endpoint

Summary The password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. Details POST /api/v2/auth/password/forgot returned a success message for registered emails but 'Your email has not been registered.' for unknown emails. The fix...

6.9CVSS5.9AI score0.00601EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 8:25 p.m.7 views

CVE-2026-28288 Dify has a user enumeration issue

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.11 views

CVE-2026-1779

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...

8.1CVSS5.3AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.7 views

CVE-2026-2356

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 2:23 a.m.28 views

CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/26 2:23 a.m.6 views

CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/26 2:23 a.m.41 views

CVE-2026-2356

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 12:0 a.m.13 views

CVE-2026-26744

FormaLMS is affected version 4.1.18 and earlier. A user enumeration flaw exists in the password recovery endpoint (/lostpwd) where responses differ between valid and invalid usernames, allowing unauthenticated attackers to determine registered usernames. Impact is limited to information disclosur...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/18 7:21 p.m.5 views

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user Patient can directly access the Administrator Dashboard and all sub-modules e.g., User Logs, Doctor Management by manually browsing to the /admin/ directory after authentication. This...

8.8CVSS5.8AI score0.00476EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/18 12:0 a.m.6 views

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user Patient can directly access the Administrator Dashboard and all sub-modules e.g., User Logs, Doctor Management by manually browsing to the /admin/ directory after authentication. This...

5.5AI score0.00476EPSS
Exploits1References2
CVE
CVE
added 2026/02/18 12:0 a.m.17 views

CVE-2025-70064

CVE-2025-70064 affects PHPGurukul Hospital Management System v4.0. A low-privileged user (Patient) can directly reach the Administrator Dashboard and sub-modules by navigating to the /admin/ directory after authentication, enabling privilege escalation to view confidential logs and modify system ...

8.8CVSS5.5AI score0.00476EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/02/11 9:5 a.m.12 views

CVE-2025-13648

CVE-2025-13648 describes a stored XSS in ZeusWeb 6.1.31 from Microcom. An attacker with access to the web application can inject arbitrary JavaScript by submitting an XSS payload into the Name and Surname fields in the My Account section at https://zeus.microcom.es:4040/administracion-estaciones....

6.1CVSS5.7AI score0.00227EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

Nsasoft SpotFTP 安全漏洞

Nsasoft SpotFTP is an FTP client password recovery tool developed by the US company Nsasoft. Version 3.0.0.0 of Nsasoft SpotFTP contains a security vulnerability; this vulnerability stems from a buffer overflow in the registered name input field, which may cause the application to crash...

7.5CVSS6AI score0.0031EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.44.0 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.12 views

Nsasoft Nsauditor 安全漏洞

Nsasoft Nsauditor is a network security software developed by the American company Nsasoft. Version Nsasoft Nsauditor 3.2.0.0 contains a security vulnerability. This vulnerability stems from improper handling of the registered name input field, which may lead to application crashes...

7.5CVSS5.8AI score0.00455EPSS
Exploits1References3
NVD
NVD
added 2026/02/04 5:16 p.m.4 views

CVE-2026-23090

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...

5.5CVSS0.00123EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/04 4:8 p.m.23 views

CVE-2026-23090 slimbus: core: fix device reference leak on report present

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...

0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/02/04 4:8 p.m.3 views

CVE-2026-23090 slimbus: core: fix device reference leak on report present

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...

5.5CVSS5.2AI score0.00123EPSS
Exploits0References10
Rows per page
Query Builder