Lucene search
K

15109 matches found

Nuclei
Nuclei
added 13 hours ago16 views

Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection

Team WordPress plugin = 5.0.11 contains a SQL injection caused by improper sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users, letting remote attackers execute arbitrary SQL commands. id: CVE-2025-14124 info: name: Team WordPress Plugin TLP Team = 5.0.9...

8.6CVSS6.3AI score0.0156EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago112 views

CZ Loan Management <= 1.1 - SQL Injection

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-5975 info: name: CZ Loan Management = 1.1 - SQL Injection author...

9.1CVSS6.1AI score0.01958EPSS
Exploits1References3
Circl
Circl
added yesterday4 views

CVE-2020-8636

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:19+00:00| seen| https://t.me/GithubRedTeam/90443 2026-07-14 00:00:36+00:00| seen| https://t.me/GithubRedTeam/90443...

10CVSS7AI score0.04014EPSS
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-34207

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:18+00:00| seen| https://t.me/GithubRedTeam/90703 2026-07-14 00:00:34+00:00| seen| https://t.me/GithubRedTeam/90703...

7.6CVSS6.1AI score0.00239EPSS
Exploits2References1
Circl
Circl
added yesterday5 views

CVE-2323-41892

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:15+00:00| seen| https://t.me/GithubRedTeam/91392 2026-07-14 00:00:32+00:00| seen| https://t.me/GithubRedTeam/91392...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-6541

CVE-2026-6541 affects Mattermost versions 11.7.x &lt;= 11.7.1, 11.6.x &lt;= 11.6.4, and 10.11.x

4.3CVSS6.1AI score
Exploits0References1Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-9820

Mattermost versions 11.7.x &lt;= 11.7.2 and 10.11.x

3.8CVSS6.1AI score
Exploits0References1Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43308

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS6.1AI score0.0021EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-54602

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...

7.1CVSS0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added last week24 views

CVE-2026-54602 FastGPT: Cross-team LLM request/response disclosure (IDOR) via /api/core/ai/record/getRecord

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...

7.1CVSS0.00227EPSS
Exploits0References2
CVE
CVE
added last week15 views

CVE-2026-54602

CVE-2026-54602 — FastGPT : A cross-team information disclosure via GET /api/core/ai/record/getRecord existed prior to version 4.15.0. The endpoint authenticated users but loaded LLM request/response traces by requestId without team scoping, allowing any authenticated user to read another team’s p...

7.1CVSS6AI score0.00227EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-54602

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...

7.1CVSS6AI score0.00227EPSS
Exploits0References3Affected Software1
OSV
OSV
added last week5 views

CVE-2026-54602 FastGPT: Cross-team LLM request/response disclosure (IDOR) via /api/core/ai/record/getRecord

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...

7.1CVSS6AI score0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added last week26 views

CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS0.00299EPSS
Exploits0References4
CVE
CVE
added last week14 views

CVE-2026-55418

Summary: CVE-2026-55418 affects FastGPT prior to v4.15.0-beta5, where two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request. The key’s association with the caller’s team is not validated, allowing cross-team file d...

8.6CVSS6AI score0.00299EPSS
Exploits0References4
OSV
OSV
added last week5 views

CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS6AI score0.00299EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5869 Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher

Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References6
NVD
NVD
added 2026/07/07 4:17 a.m.9 views

CVE-2026-34044

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS0.00244EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 3:19 a.m.17 views

CVE-2026-34048

CVE-2026-34048 concerns Coolify prior to 4.0.0-beta.471, where terminal websocket bootstrap routes failed to enforce terminal authorization, only checking authentication. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers. The issue is fix...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 3:12 a.m.12 views

CVE-2026-34044

The CVE-2026-34044 issue affects Coolify prior to 4.0.0-beta.466 where Logs::mount() looks up resources by UUID without limiting to the current team. This enables an authenticated user to read logs for applications owned by other teams by supplying a victim resource UUID, constituting a cross‑tea...

7.7CVSS5.9AI score0.00244EPSS
Exploits0References3
Rows per page
Query Builder