Exploit for CVE-2026-6741
CVE-2026-6741 is a CVSS 8.8 High Authenticated...
CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...
CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...
EUVD-2026-28881
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bug: NULL pointer dereference in the kernel, address: 0000000000000020 PGD: 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ 7 RIP: 0010: icegetqcoalesce+0x2e/0xa0 ice RSP:...
PYSEC-2026-109
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...
CVE-2026-41426
CVE-2026-41426 affects pretalx (prior to 2026.1.0). An unauthenticated attacker can inject arbitrary HTML-rendered emails by embedding malformed HTML or markdown in a user-controlled template placeholder (e.g., account display name). The most direct vector is the password-reset flow: attacker cre...
EUVD-2026-25616
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...
CVE-2026-35507
Shynet before 0.14.0 allows Host header injection in the password reset flow...
EUVD-2026-18566
Shynet before 0.14.0 allows Host header injection in the password reset flow...
CVE-2026-35507
CVE-2026-35507 affects Shynet before version 0.14.0. The issue is a Host header injection flaw in the password reset flow, with a CVSS 3.1 base score of 6.4 (Network, High impact on integrity; Low on confidentiality and availability; User interaction required). Root cause is insecure Host header ...
CVE-2026-4136 Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation of the redirect URL supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attacke...
PT-2026-24189
Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.21. Description: A low-privileged user can bypass authorization and tenant isolation in OneUptime by sending a forged is-multi-tenant-query header along with a controlled projectid header. The server incorrectly...
CVE-2026-21622
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...