Lucene search
+L

15281 matches found

attackerkb
attackerkb
added yesterday2 views

CVE-2026-58077

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS6.1AI score0.00418EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-58077 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS6.1AI score0.00418EPSS
Exploits0References1
cve
cve
added 2 days ago7 views

CVE-2026-48000

CVE-2026-48000 affects Adobe Commerce and is an open redirect vulnerability in the URL redirection logic. The underlying issue is an improper redirect that can bypass a security feature and potentially lead to credential theft or account takeover if a user clicks a malicious link. Exploitation re...

6.1CVSS6.1AI score0.0074EPSS
Exploits0References1Affected Software1
osv
osv
added 2 days ago2 views

DEBIAN-CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...

6.4CVSS0.00239EPSS
Exploits0References7
nvd
nvd
added 2 days ago6 views

CVE-2026-55954

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
cve
cve
added 2 days ago12 views

CVE-2026-62644

This CVE (CVE-2026-62644) affects Roundcube Webmail prior to 1.6.17 and 1.7.x prior to 1.7.2. The vulnerability lies in the password plugin, where session data usability allowed username spoofing, potentially enabling account takeover. The bases of impact are high for confidentiality and integrit...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References7
osv
osv
added 2 days ago3 views

CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References9
cve
cve
added 2 days ago9 views

CVE-2026-55651

Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...

7.1CVSS6.1AI score0.00185EPSS
Exploits0References1
osv
osv
added 2 days ago3 views

CVE-2026-55651 Easy!Appointments Vulnerable to Appointments Takeover via Excessive Data Exposure

Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. Using these hashes, an attacker can modify or delete appointmen...

7.1CVSS6.1AI score0.00185EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago23 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
osv
osv
added 2 days ago3 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References9
cve
cve
added 2 days ago12 views

CVE-2026-55954

CVE-2026-55954 affects ueberauth_apple (v0.1.0 up to but not including v0.6.2). The root cause is lack of validation for registered ID token claims (iss, aud, exp, iat) in Ueberauth.Strategy.Apple.Token.payload/2; the code uses the unvalidated sub to derive the user uid and email. An attacker who...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References4
cve
cve
added 2 days ago11 views

CVE-2026-9292

Technical details about CVE-2026-9292 are not publicly available in the provided documents; monitor for updates.

8.4CVSS6.2AI score0.00311EPSS
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS0.00169EPSS
Exploits0References1
nvd
nvd
added 2 days ago6 views

CVE-2026-11563

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS0.00165EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago4 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
cve
cve
added 2 days ago13 views

CVE-2026-12988

CVE-2026-12988 affects the WP 2FA WordPress plugin up to version 3.1.1.2. The root cause is that the plugin does not verify that the email address used during two-factor authentication setup belongs to the user, enabling an attacker who already has the user’s credentials to redirect the setup ver...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
euvd
euvd
added 2 days ago4 views

EUVD-2026-43624

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS6.1AI score0.00165EPSS
Exploits0References1
euvd
euvd
added 2 days ago4 views

EUVD-2026-43628

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
Rows per page
Query Builder