Lucene search
K

16015 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54834

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 6:16 a.m.9 views

CVE-2026-12073

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a userlogin on registration forms that don't contain this parameter, and...

9.8CVSS0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu: Fix NULL group-domain dereference in pcidevresetiommudone Local sashiko review pointed it out that group-domain could be NULL when a default domain fails...

5.5CVSS6AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53809

Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities versions prior to 5.9.9.6 Description An issue allows unauthenticated attackers to perform privilege escalation via account takeover. The flaw exists because the plugin fails to validate the...

9.8CVSS6AI score0.0031EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g...

5.5CVSS6AI score0.00095EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet. CVE-2026-53301...

5.5CVSS6AI score0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 11:16 p.m.12 views

CVE-2026-10648

mcumgrserialprocessfrag in subsys/mgmt/mcumgr/transport/src/serialutil.c calls netbufreset on the result of smppacketalloc before checking it for NULL. smppacketalloc uses netbufallocKNOWAIT against the shared MCUmgr packet pool CONFIGMCUMGRTRANSPORTNETBUFCOUNT, default 4, which returns NULL when...

6.2CVSS0.00109EPSS
Exploits1References2
NVD
NVD
added 2026/06/29 6:16 p.m.9 views

CVE-2026-56780

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...

7.7CVSS0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:14 p.m.34 views

CVE-2026-56780 Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...

7.7CVSS0.00265EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:14 p.m.6 views

EUVD-2026-40155

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:14 p.m.10 views

CVE-2026-56780

Modoboa prior to version 2.9.0 contains an insecure direct object reference in the PUT /api/v1/accounts/{pk}/password/ API. This flaw allows domain administrators to bypass object‑level access controls and change any user’s password, enabling full account takeover by resetting superadmin password...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-574 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

Summary The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6AI score0.00371EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 11:11 a.m.8 views

CVE-2026-53293

A flaw was found in the Linux kernel's AMDGPU graphics driver. Multiple issues exist within the AMDGPUINFOREADMMRREG function, including an incorrect order of operations between the reset semaphore and the memory management lock, and memory allocation while holding the reset semaphore. These issu...

5.5CVSS5.8AI score0.00095EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 11:4 a.m.9 views

CVE-2026-53301

A flaw was found in the Linux kernel. Missing reset operations can lead to a null pointer dereference, which may cause system instability or a denial of service DoS. This vulnerability occurs when the system attempts to use uninitialized reset operations, resulting in an unexpected system state...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53755

Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An issue exists where the mcumgr serial process frag function in subsys/mgmt/mcumgr/transport/src/serial util.c calls net buf reset on the result of smp packet alloc without first verifying if the result is NUL...

6.2CVSS5.9AI score0.00109EPSS
Exploits1References6
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.45 views

OctoberCMS - Account Takeover

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. id:...

9.1CVSS7.5AI score0.90418EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.8 views

SUSE CVE-2026-53280

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group-domain dereference in pcidevresetiommudone Local sashiko review pointed it out that group-domain could be NULL when a default domain fails to allocate during the first probe, which can crash at...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.9 views

SUSE CVE-2026-53293

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g. copytouser was called while holding the lock. Then we allocated memory...

5.8AI score0.00095EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.8 views

SUSE CVE-2026-53301

In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...

5.8AI score0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/27 5:16 a.m.9 views

CVE-2026-12415

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

9.8CVSS0.00662EPSS
Exploits0References4
Rows per page
Query Builder