Lucene search
+L

15326 matches found

CVE
CVE
added 5 days ago10 views

CVE-2026-55651

Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...

7.1CVSS6.1AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-55954

CVE-2026-55954 affects ueberauth_apple (v0.1.0 up to but not including v0.6.2). The root cause is lack of validation for registered ID token claims (iss, aud, exp, iat) in Ueberauth.Strategy.Apple.Token.payload/2; the code uses the unvalidated sub to derive the user uid and email. An attacker who...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago25 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
OSV
OSV
added 5 days ago5 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References9
CVE
CVE
added 5 days ago18 views

CVE-2026-9292

Technical details about CVE-2026-9292 are not publicly available in the provided documents; monitor for updates.

8.4CVSS6.2AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS0.00169EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-11563

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS0.00165EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-12988

CVE-2026-12988 affects the WP 2FA WordPress plugin up to version 3.1.1.2. The root cause is that the plugin does not verify that the email address used during two-factor authentication setup belongs to the user, enabling an attacker who already has the user’s credentials to redirect the setup ver...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43628

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-43624

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS6.1AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-11563

CVE-2026-11563 affects the Word Count and Social Shares WordPress plugin (version

9.6CVSS6.1AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-12988 WP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email Binding

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago13 views

PT-2026-60395

Name of the Vulnerable Software and Affected Versions Zoom Clients for Windows affected versions not specified Description A time-of-check to time-of-use TOCTOU race condition occurs during the installation and uninstallation process. This flaw allows an authenticated local user to escalate...

7CVSS6.2AI score0.00093EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-60111

Name of the Vulnerable Software and Affected Versions Woodpecker CI versions v1.0.0 through v3.15.0 Description A privilege escalation issue exists in instances using the Kubernetes backend. The pipeline option backend options.kubernetes.serviceAccountName is passed directly to the pod spec witho...

8.2CVSS6.2AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Zoom Workplace < 7.0.0 Vulnerability (ZSB-26014)

The version of Zoom Workplace installed on the remote host is prior to 7.0.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-26014 advisory. - Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may...

9.8CVSS5.7AI score0.00508EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago16 views

PT-2026-60293

Name of the Vulnerable Software and Affected Versions Zoom Workplace for Windows versions prior to 7.0.0 Zoom VDI Client for Windows versions prior to 7.0.10 Zoom VDI Client for Windows versions prior to 6.6.15 Zoom VDI Client for Windows versions prior to 6.5.18 Zoom Meeting SDK for Windows...

9.8CVSS5.7AI score0.00508EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Zoom Workplace VDI Client < 7.0.10 Vulnerability (ZSB-26014)

The version of Zoom Workplace VDI Client installed on the remote host is prior to 7.0.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-26014 advisory. - Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...

9.8CVSS5.7AI score0.00508EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-49971

Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...

6.1CVSS0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload

Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...

6.1CVSS0.00203EPSS
Exploits0References3
Rows per page
Query Builder