Lucene search
+L

298806 matches found

nvd
nvd
added 8 minutes ago0 views

CVE-2026-62231

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS
Exploits0References2
nvd
nvd
added 8 minutes ago0 views

CVE-2026-14956

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS
Exploits0References2
cvelist
cvelist
added 55 minutes ago3 views

CVE-2026-14956 Bricksforge <= 3.1.8.6 - Unauthenticated Privilege Escalation via Pro Forms fieldIds Parameter

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS
Exploits0References2
cve
cve
added 55 minutes ago3 views

CVE-2026-14956

The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...

9.8CVSS5.9AI score
Exploits0References2
euvd
euvd
added 1 hour ago5 views

EUVD-2026-45048

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access...

9.8CVSS6.2AI score
Exploits0References2
cvelist
cvelist
added 2 hours ago3 views

CVE-2026-62231 Grav < 1.0.6 API Key Scope Bypass via ApiKeyAuthenticator

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS
Exploits0References2
euvd
euvd
added 2 hours ago3 views

EUVD-2026-45119

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS6.1AI score
Exploits0References2
cve
cve
added 2 hours ago4 views

CVE-2026-62231

The Grav API plugin (getgrav/grav-plugin-api) prior to version 1.0.6 has an authorization bypass in ApiKeyAuthenticator: API keys with restricted scopes are ignored, and the API key resolves to the owning user’s full account, allowing a key with limited scopes (e.g., read-only) to perform any ope...

8.6CVSS6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 2 hours ago3 views

PT-2026-60641

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS6.1AI score
Exploits0References2
bdu_fstec
bdu_fstec
added yesterday29 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00412EPSS
Exploits0References11Affected Software9
bdu_fstec
bdu_fstec
added yesterday26 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
nvd
nvd
added yesterday4 views

CVE-2026-44181

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable ...

10CVSS0.0086EPSS
Exploits0References2
nvd
nvd
added yesterday4 views

CVE-2026-43978

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS0.00026EPSS
Exploits0References1
mssecure
mssecure
added yesterday5 views

ACR Stealer: Two observed intrusion chains amid increased threat activity

In this article 1. Campaign 1: WebDAV-based ClickFix with Python loaders and blockchain C2 2. Campaign 2: MSHTA-initiated PowerShell chain with steganographic payload delivery 3. Mitigation and protection guidance 4. References 5. Learn more From late April 2026 to mid-June 2026, Microsoft Defend...

6.4AI score
Exploits0
nvd
nvd
added yesterday5 views

CVE-2026-53412

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access...

9.8CVSS
Exploits0References1
nvd
nvd
added yesterday4 views

CVE-2026-44177

Kirby is an open-source content management system. In versions 5.3.0 and above but prior to 5.4.1, Kirby did not correctly validate the provided user ID, resulting in a path traversal vulnerability. Version 5.3.0 introduced a performance improvement to the Users collection that loaded user object...

8.8CVSS0.00173EPSS
Exploits0References2
nvd
nvd
added yesterday4 views

CVE-2026-45334

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-locking feature that records which user currently has a model...

5.3CVSS0.00033EPSS
Exploits0References2
attackerkb
attackerkb
added yesterday3 views

CVE-2026-43978

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS6AI score0.00026EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added yesterday5 views

CVE-2026-43978 wger: Privilege escalation via trainer-login session chaining allows gym trainers to impersonate gym managers

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS0.00026EPSS
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-45066

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS6AI score0.00026EPSS
Exploits0References1
Rows per page
Query Builder