Lucene search
+L

76683 matches found

cve
cve
added 8 hours ago31 views

CVE-2026-1609

CVE-2026-1609 affects Keycloak: when the JWT authorization grant preview feature is enabled and a user is disabled, Keycloak may not validate the user’s disabled status during JWT grant processing. A remote, low-privilege attacker can present an assertion token from an external IdP to obtain a JW...

8.1CVSS6.1AI score
Exploits0References4
euvd
euvd
added 8 hours ago6 views

EUVD-2026-44841

A flaw was found in Keycloak. When the JSON Web Token JWT authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...

8.1CVSS6.1AI score
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44761

The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.10.4 via the 'gformuploadedfiles' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS6.2AI score
Exploits0References2
nvd
nvd
added yesterday5 views

CVE-2026-56087

Dell ThinOS 10, versions prior to 260510.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data...

6.1CVSS
Exploits0References1
nvd
nvd
added yesterday6 views

CVE-2026-56687

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44744

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added yesterday19 views

CVE-2026-56687

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS
Exploits0References1
cve
cve
added yesterday3 views

CVE-2026-56687

Dell ThinOS 10 is affected (versions prior to 2605_10.2100) by an Obsolete Feature in UI vulnerability. A low-privilege, local attacker could potentially obtain unauthorized access. No exploit details or specific remediation are provided in the documents; see Dell KB security update (DSA-2026-300...

7.8CVSS6.1AI score
Exploits0References1
nvd
nvd
added yesterday4 views

CVE-2026-59954

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...

7.5CVSS
Exploits0References3
attackerkb
attackerkb
added yesterday3 views

CVE-2026-59954

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...

7.5CVSS6.1AI score
Exploits0References4Affected Software1
cvelist
cvelist
added yesterday19 views

CVE-2026-59954 Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...

7.5CVSS
Exploits0References3
cve
cve
added yesterday15 views

CVE-2026-59955

CVE-2026-59955 affects Apollo ConfigService before 2.5.2, where requests to /configfiles/raw/{appId}/{clusterName}/{namespace} are authenticated using a parsed appId value of raw instead of the actual path appId. This allows potential unauthorized access to raw configuration data when AccessKey/m...

7.5CVSS6.1AI score
Exploits0References3
attackerkb
attackerkb
added yesterday3 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS6.1AI score
Exploits0References4Affected Software1
cvelist
cvelist
added yesterday18 views

CVE-2026-61644 FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text due to an unbound initialId lookup

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS
Exploits0References4
euvd
euvd
added yesterday5 views

EUVD-2026-44667

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS6.1AI score
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44644

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS6.1AI score
Exploits0References3
nvd
nvd
added yesterday4 views

CVE-2026-59235

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS
Exploits0References3
cvelist
cvelist
added yesterday21 views

CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS
Exploits0References3
nuclei
nuclei
added yesterday79 views

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as movi...

9.8CVSS7AI score0.07226EPSS
Exploits0References2
nuclei
nuclei
added yesterday122 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7AI score0.05356EPSS
Exploits1References3
Rows per page
Query Builder