Lucene search
K

310 matches found

EUVD
EUVD
added 2026/06/25 6:32 p.m.10 views

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References3
NVD
NVD
added 2026/06/03 2:16 p.m.22 views

CVE-2026-47325

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS0.00249EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.71 views

📄 Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure

Bichon version 1.0.2 suffers from a SOCKS5 proxy topology disclosure vulnerability via /list-proxy. Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure via /list-proxy ============================================================= Vendor: rustmailer Product: Bichon - self-hosted email archiving server...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/14 4:19 p.m.3 views

GHSA-HMG2-JJJX-JCP2 FlowiseAI: Vector Store No Permission Checks

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations Severity: HIGH CVSS 8.1 Type: CWE-306 Missing Authentication for Critical Function File: packages/server/src/routes/openai-assistants-vector-store/index.ts Description: ALL CRUD endpoints for OpenAI Assistants Vector Store hav...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.9 views

PT-2026-40956

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 7:37 a.m.9 views

CVE-2026-25468 WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 10:16 a.m.14 views

CVE-2026-43646

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

7.5CVSS0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/20 12:32 p.m.3 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the memosaccesstoken function of the UpdateInstanceSetting component when manipulating the additionalStyle or additionalScript arguments. An attacker can gain unauthorized access to sensitive informatio...

6.5CVSS6.6AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33306

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

6CVSS5.8AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/14 1:23 a.m.3 views

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/10 6:31 p.m.3 views

EUVD-2026-21404

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

5.8AI score0.00284EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/10 3:31 p.m.5 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/09 9:40 a.m.24 views

CVE-2026-4901 Insertion of Sesitive Information into Log File in Hydrosystem Control System

Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized...

6.9CVSS0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 7:25 p.m.6 views

USN-8158-1 dogtag-pki vulnerability

Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a certificate without proper authentication. An attacker could possibly use this to repeatedly renew a compromised certificate and maintain unauthorized access to a system or resource...

8.1CVSS6.1AI score0.01187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-33202

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.43.7 MediaWiki versions prior to 1.44.4 MediaWiki versions prior to 1.45.2 Description An issue in Wikimedia Foundation MediaWiki allows the exposure of sensitive information to an unauthorized actor...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/04/02 12:37 p.m.3 views

CVE-2026-4636

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References3
NVD
NVD
added 2026/03/31 3:16 p.m.6 views

CVE-2026-33576

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

6.9CVSS0.00355EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/27 4:13 p.m.27 views

CVE-2026-28367 Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS0.00706EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/10 9:32 p.m.4 views

EUVD-2026-10796

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...

5.5CVSS5.7AI score0.00603EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

Weintek cMT-3072XH2 easyweb 安全漏洞

Weintek cMT-3072XH2 easyweb is an intelligent human-computer interaction interface developed by Weintek Company in Taiwan, China. The version v2.1.53 of Weintek cMT-3072XH2 easyweb contains a security vulnerability. This vulnerability stems from the presence of hard-coded encryption keys, which m...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder