Lucene search
K

9853 matches found

Cvelist
Cvelist
added yesterday10 views

CVE-2026-61436 PraisonAI before 4.6.78 Missing Webhook Signature Verification

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS
Exploits0References4
Nuclei
Nuclei
added yesterday35 views

CentralSquare CryWolf - Path Traversal

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...

7.5CVSS7AI score0.13623EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday85 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

6.1CVSS6.1AI score0.00891EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday48 views

TrueBooker <= 1.0.2 - SQL Injection

The TrueBooker Appointment Booking and Scheduler Plugin. plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS6.1AI score0.03292EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday77 views

CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

9.8CVSS7.3AI score0.05871EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday96 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.7AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday159 views

WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS7.5AI score0.15043EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday57 views

Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

7.5CVSS6.9AI score0.03096EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday69 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6.5AI score0.03521EPSS
Exploits1References5
CVE
CVE
added yesterday12 views

CVE-2026-9770

Affected products: TP-Link Kasa EC70 v4 and EC71 v4 firmware. Issue: a static cryptographic private key is stored in a read-only filesystem shared across devices, allowing extraction from the firmware image. Impact: an unauthenticated attacker on the same network could use the embedded key in the...

8.6CVSS6.1AI score0.00221EPSS
Exploits0References5
NVD
NVD
added 2 days ago6 views

CVE-2026-15409

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...

10CVSS0.01404EPSS
Exploits3References2
NVD
NVD
added 2 days ago6 views

CVE-2026-14902

An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs...

4CVSS0.00512EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago162 views

Tenda AC1200 V-W15Ev2 - Authentication Bypass

The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...

4.9CVSS6.2AI score0.28802EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago34 views

WordPress Events Manager <= 7.0.3 - SQL Injection

The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS6.1AI score0.55683EPSS
Exploits2References4
CVE
CVE
added 3 days ago11 views

CVE-2026-61503

CVE-2026-61503 – Rejetto HFS : Affects HFS 3.0.0–3.2.0. The login endpoint returns observably different responses depending on whether the username exists, enabling remote, unauthenticated actors to confirm valid accounts (including the default admin) and facilitating password guessing and sessio...

6.9CVSS6.1AI score0.00343EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-61501

Rejetto HFS versions 3.0.0–3.2.0 expose a stored XSS in the admin log viewer: log entries rendered as HTML without sanitization allow a remote unauthenticated attacker to craft a username, write JavaScript to the error log, and execute code in an administrator’s browser when logs are viewed, pote...

6.1CVSS6.3AI score0.00308EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago112 views

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...

9.8CVSS7.1AI score0.46242EPSS
Exploits4References5
Nuclei
Nuclei
added 3 days ago251 views

Wordpress Email Subscribers by Icegram Express - SQL Injection

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...

9.8CVSS7.1AI score0.80596EPSS
Exploits4References2
Nuclei
Nuclei
added 3 days ago45 views

ZKTeco BioTime v8.5.5 - Path Traversal

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. id: CVE-2023-38950 info: name: ZKTeco BioTime v8.5.5 - Path Traversal author: iamnoooob,pdresearch severity: high description: | A pa...

7.5CVSS7.1AI score0.8488EPSS
Exploits3References5
NVD
NVD
added 3 days ago9 views

CVE-2026-15553

Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download...

6.9CVSS0.00251EPSS
Exploits0References2
Rows per page
Query Builder