Lucene search
K

656 matches found

Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56660

Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...

6.1AI score0.00119EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

nodejs: Node.js: Unauthorized file metadata modification

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...

3.3CVSS6.2AI score0.00154EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Ubiquiti UniFi OS < 5.1.12 Multiple Vulnerabilities

According to its self-reported version, the remote Ubiquiti UniFi OS device is prior to 5.1.12. It is, therefore, affected by multiple vulnerabilities: - A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make...

10CVSS7.3AI score0.78555EPSS
Exploits4References4
NVD
NVD
added 2026/07/02 3:17 p.m.7 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9.8CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:50 p.m.35 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9CVSS0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:50 p.m.7 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9CVSS5.8AI score0.00229EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:50 p.m.8 views

EUVD-2026-41400

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9CVSS5.8AI score0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:50 p.m.67 views

CVE-2026-55116

CVE-2026-55116 affects UniFi OS devices. The issue is an Improper Access Control vulnerability that could allow a network-attached attacker, under certain configurations, to make unauthorized changes to UniFi OS devices. The CVSS 3.1 vector indicates Network access, High attack complexity, No pri...

9.8CVSS5.8AI score0.00229EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55252

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An Improper Access Control issue exists in certain devices running UniFi OS. A malicious actor with network access and specific network configurations could exploit this flaw to make...

9.8CVSS6.1AI score0.00229EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-10096

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...

4.3CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/27 6:50 a.m.8 views

EUVD-2026-39951

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

4.3CVSS5.9AI score0.00213EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.10 views

CVE-2026-57283

A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...

6.5CVSS5.7AI score0.00158EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 7:47 p.m.9 views

CVE-2026-1840

The CVE concerns Hubbell Aclara Metrum Cellular Web Interface, where unauthorized access arises from missing authentication on critical system functions. This allows attackers to alter essential configuration settings, trigger system restarts, and potentially disrupt device communications. CISA a...

8.7CVSS5.9AI score0.00726EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/23 12:0 a.m.5 views

Ubiquiti UniFi OS Improper Access Control Vulnerability

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system...

10CVSS5.9AI score0.02452EPSS
In wildExploits2
Cvelist
Cvelist
added 2026/06/18 6:7 a.m.22 views

CVE-2026-55745 Cotonti CSRF in PFS folder edit allows unauthorized folder modification

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.13 views

EUVD-2026-36779

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

5.4AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-50881

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

8.1CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 7:44 p.m.34 views

CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 4:17 a.m.14 views

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

8.1CVSS0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:27 a.m.15 views

EUVD-2026-36378

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

8.1CVSS5.4AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder