Lucene search
+L

15151 matches found

Nuclei
Nuclei
added 15 hours ago16 views

Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection

Team WordPress plugin = 5.0.11 contains a SQL injection caused by improper sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users, letting remote attackers execute arbitrary SQL commands. id: CVE-2025-14124 info: name: Team WordPress Plugin TLP Team = 5.0.9...

8.6CVSS6.1AI score0.0156EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago113 views

CZ Loan Management <= 1.1 - SQL Injection

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-5975 info: name: CZ Loan Management = 1.1 - SQL Injection author...

9.1CVSS5.6AI score0.01958EPSS
Exploits1References3
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-53444 Wekan: Missing authorization on OIDC Meteor methods allows privilege escalation to admin

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan OIDC-related Meteor methods in packages/wekan-oidc/oidcserver.js, server/models/org.js, and server/models/team.js are globally callable without the admin authorization checks used by their non-OIDC counterparts. Authenticated use...

7.6CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-44986 Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teamsinvitations.clj invitation tokens from create-team-invitations, embedded an existing profile id in auth.clj prepare-register-profile, and had auth.clj register-profile issue a session base...

9.9CVSS0.00283EPSS
Exploits0References4
CVE
CVE
added 3 days ago17 views

CVE-2026-44986

CVE-2026-44986 affects Penpot prior to 2.14.5. The issue allows a pre-authenticated account takeover via team invitation tokens: tokens from create-team-invitations were exposed, an existing profile id was embedded in auth.clj prepare-register-profile, and auth.clj register-profile could issue a ...

9.9CVSS6.1AI score0.00283EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-44986 Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teamsinvitations.clj invitation tokens from create-team-invitations, embedded an existing profile id in auth.clj prepare-register-profile, and had auth.clj register-profile issue a session base...

9.9CVSS6.1AI score0.00283EPSS
Exploits0References6
CVE
CVE
added 4 days ago14 views

CVE-2026-55954

CVE-2026-55954 affects ueberauth_apple (v0.1.0 up to but not including v0.6.2). The root cause is lack of validation for registered ID token claims (iss, aud, exp, iat) in Ueberauth.Strategy.Apple.Token.payload/2; the code uses the unvalidated sub to derive the user uid and email. An attacker who...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References9
Circl
Circl
added 5 days ago7 views

CVE-2020-8636

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:19+00:00| seen| https://t.me/GithubRedTeam/90443 2026-07-14 00:00:36+00:00| seen| https://t.me/GithubRedTeam/90443 2026-07-15 00:00:20+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/90443...

10CVSS7AI score0.04014EPSS
Exploits0References1
Circl
Circl
added 5 days ago6 views

CVE-2026-34207

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:18+00:00| seen| https://t.me/GithubRedTeam/90703 2026-07-14 00:00:34+00:00| seen| https://t.me/GithubRedTeam/90703 2026-07-15 00:00:21+00:00| seen| https://t.me/GithubRedTeam/90703 2026-07-16 19:00:30+00:00| seen|...

7.6CVSS4.8AI score0.00239EPSS
Exploits2References1
Circl
Circl
added 5 days ago10 views

CVE-2323-41892

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:15+00:00| seen| https://t.me/GithubRedTeam/91392 2026-07-14 00:00:32+00:00| seen| https://t.me/GithubRedTeam/91392 2026-07-15 00:00:26+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/91392...

6.1AI score
Exploits0References1
SUSE Linux
SUSE Linux
added 5 days ago5 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-53995: net: ipv4: fix one memleak in inetdelifa bsc1255616. CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype bsc1259891. CVE-2026-23451: bonding:...

9.3CVSS6.9AI score0.00574EPSS
Exploits12References260
CVE
CVE
added 5 days ago10 views

CVE-2026-6541

CVE-2026-6541 affects Mattermost versions 11.7.x &lt;= 11.7.1, 11.6.x &lt;= 11.6.4, and 10.11.x

4.3CVSS6.1AI score0.00152EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-6541

Mattermost versions 11.7.x = 11.7.1, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a...

4.3CVSS6.1AI score0.00152EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-9820

Mattermost versions 11.7.x &lt;= 11.7.2 and 10.11.x

3.8CVSS6.1AI score0.00152EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43308

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS6.1AI score0.0021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-61985

Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...

5.3CVSS6.1AI score0.00176EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/07/08 2:59 p.m.15 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-40216: iouring/rsrc: don't rely on user vaddr alignment bsc1259764. CVE-2025-40341: futex: Don't leak robustlist pointer on exec race bsc1255029. CVE-2025-71294:...

9.3CVSS6.9AI score0.00533EPSS
Exploits3References450
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.2 views

The vulnerability of the team_port_add() function in the drivers/net/team/team_core.c file of the Linux kernel’s network device driver module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the teamportadd function in the drivers/net/team/teamcore.c file of the Linux kernel’s network device driver module is related to state management errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...

7CVSS5.6AI score0.00118EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.6 views

The vulnerability of the `__team_queue_override_enabled_check()` function in the drivers/net/team/team_core.c file of the Linux kernel’s network device driver module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the teamqueueoverrideenabledcheck function in the drivers/net/team/teamcore.c file of the Linux kernel’s network device driver is related to the occurrence of operations outside of memory buffers. Exploiting this vulnerability could allow an attacker to compromise the...

7CVSS6AI score0.0012EPSS
Exploits0References11Affected Software6
Rows per page
Query Builder