Lucene search
K

2840 matches found

Cvelist
Cvelist
added 2026/04/23 9:58 p.m.31 views

CVE-2026-41348 OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...

5.4CVSS0.00177EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 12:0 a.m.3 views

CVE-2026-31192

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...

5.8AI score0.00281EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/21 9:31 p.m.6 views

EUVD-2026-24373

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...

5.9CVSS5.7AI score0.00261EPSS
Exploits0References2
OSV
OSV
added 2026/04/21 9:31 p.m.5 views

GHSA-65FP-7G2V-658R Bagisto affected by Cross-site Scripting

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References6
CVE
CVE
added 2026/04/21 5:5 p.m.15 views

CVE-2026-40584

CVE-2026-40584 affects RansomLook. The vulnerability arises in the API at website/web/api/genericapi.py prior to version 1.9.0, where entries marked private are not properly filtered due to removing elements from a list while iterating. This can cause private location entries to be unintentionall...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/20 10:16 a.m.5 views

CVE-2026-6624

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has bee...

4.8CVSS0.00206EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 10:16 a.m.10 views

CVE-2026-6622

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

4.8CVSS0.00206EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 7:16 a.m.5 views

CVE-2026-6613

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...

6.5CVSS0.00216EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/19 9:45 a.m.10 views

CVE-2026-6568 kodcloud KodExplorer Public Share share.class.php initShareOld path traversal

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...

7.5CVSS5.4AI score0.00513EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/17 5:54 a.m.4 views

OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries

Overview The UPS Uninterruptible Power Supply management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element CWE-427, CVE-2026-5397. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.23 views

PT-2026-33533

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

5.3CVSS5.7AI score0.00335EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/15 8:21 a.m.8 views

GROWI vulnerable to stored cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2026-26291 Norihide Saito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

5.4CVSS6AI score0.00183EPSS
Exploits0References5
CVE
CVE
added 2026/04/14 5:51 p.m.8 views

CVE-2026-5754

Radware Alteon vADC load-balancer, version 34.5.4.0, contains a reflected XSS in the ReturnTo parameter of the /protected/login route due to lack of input sanitization. An attacker can craft a link that injects JavaScript, which is reflected in the victim’s browser, enabling actions such as steal...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 6:34 p.m.9 views

EUVD-2025-209310

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingxasp function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

6.2AI score0.00395EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 9:16 a.m.15 views

CVE-2026-39562

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.10...

5.3CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39617 WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

5.9AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31552

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Course Registration version 3.1 Description A security issue exists in PHPGurukul Online Course Registration 3.1 related to the processing of the /admin/check availability.php file. Manipulation of the regno argument can lead...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References12
EUVD
EUVD
added 2026/04/07 3:30 p.m.4 views

EUVD-2026-19701

An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 4.4 Medium. This issue was fixed in...

4.4CVSS5.8AI score0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/07 5:13 a.m.3 views

CVE-2026-30613

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...

4.6CVSS5.9AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 8:17 p.m.15 views

EUVD-2026-19480

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first leftmost entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

8.7CVSS6AI score0.00136EPSS
Exploits0References1
Rows per page
Query Builder