6881 matches found

EUVD
added yesterday, 13 views

EUVD-2026-33276

Mautic has Server-Side Template Injection (SSTI) in Theme Templates...

9.9 CVSS, 5.8 AI score, 0.00439 EPSS
Exploits: 0, References: 2

EUVD
added yesterday, 13 views

EUVD-2026-36320

OpenClaw: Hook-triggered CLI runs could receive owner MCP tool authority...

8.7 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits: 0, References: 3

EUVD
added yesterday, 4 views

EUVD-2026-41385

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...

8.7 CVSS, 5.8 AI score
Exploits: 0, References: 1

Nuclei
added yesterday, 47 views

AnythingLLM - Information Disclosure

AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...

7.5 CVSS, 7.1 AI score, 0.29187 EPSS
Exploits: 1, References: 2

Debian CVE
added 2 days ago, 4 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

5.3 CVSS, 5.8 AI score, 0.00543 EPSS
Exploits: 0

ATTACKERKB
added 2 days ago, 4 views

CVE-2026-58024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.1 CVSS, 5.8 AI score, 0.00382 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2 days ago, 3 views

CVE-2026-5135 Foreman: foreman: unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5 CVSS, 5.7 AI score, 0.00262 EPSS
Exploits: 0, References: 4

OSV
added 2 days ago, 2 views

UBUNTU-CVE-2026-58029

Check for editmyprivateinfo right in more places...

5.3 CVSS, 5.8 AI score, 0.00543 EPSS
Exploits: 0, References: 5

NVD
added 3 days ago, 7 views

CVE-2026-57995

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

8.8 CVSS, 0.00325 EPSS
Exploits: 0, References: 2

CVE
added 3 days ago, 11 views

CVE-2026-57995

phpMyFAQ

8.8 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits: 0, References: 2

NVD
added 2026/06/25 4:16 p.m., 5 views

CVE-2026-48940

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

3.4 CVSS, 0.00167 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/25 3:26 p.m., 6 views

CVE-2026-48940

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose embedVideo POST field contains a raw...

3.4 CVSS, 5.9 AI score, 0.00167 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/06/25 3:26 p.m., 31 views

CVE-2026-48940 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

0.00167 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/25 12:0 a.m., 10 views

PT-2026-52206

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.11 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An incorrect authorization check allows an authenticated user with developer-role permissions to bypass...

4.3 CVSS, 5.8 AI score, 0.00195 EPSS
Exploits: 0, References: 7

ATTACKERKB
added 2026/06/24 1:20 p.m., 5 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

8.8 CVSS, 6.3 AI score, 0.0042 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/23 3:44 p.m., 34 views

CVE-2026-54301 n8n: Same-Origin XSS in Respond to Webhook Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central...

7 CVSS, 0.00216 EPSS
Exploits: 0, References: 1

Debian
added 2026/06/22 2:44 a.m., 4 views

[SECURITY] [DLA 4640-1] mediawiki security update

Debian LTS Advisory DLA-4640-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 22, 2026 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.35.13-1+deb11u7 $bookwormVERSION CVE ID : CVE-2026-34087 CVE-2026-34088 CVE-2026-34093 CVE-2026-34095 Multiple...

7.5 CVSS, 5.7 AI score, 0.0029 EPSS
Exploits: 0

NVD
added 2026/06/21 2:16 p.m., 10 views

CVE-2026-56396

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...

8.8 CVSS, 0.00251 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/21 1:27 p.m., 32 views

CVE-2026-56396 phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...

8.8 CVSS, 0.00251 EPSS
Exploits: 0, References: 2

EUVD
added 2026/06/21 1:27 p.m., 9 views

EUVD-2026-38162

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...

8.8 CVSS, 6 AI score, 0.00251 EPSS
Exploits: 0, References: 2