Lucene search
K

502 matches found

Nuclei
Nuclei
added 2 days ago14 views

TOTOLINK/Realtek Routers - CAPTCHA Bypass

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...

9.8CVSS7.3AI score0.29557EPSS
Exploits3References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-13514 Chess Play and Learn App com.chess AndroidManifest.xml backup

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS0.00133EPSS
Exploits0References6
CVE
CVE
added 2026/06/23 3:35 p.m.10 views

CVE-2026-56694

NanoClaw

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 1:36 p.m.4 views

HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

8.5CVSS6.1AI score0.0088EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 10:57 a.m.7 views

HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

8.5CVSS6.1AI score0.0088EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 9:16 p.m.12 views

CVE-2026-24618

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

4.3CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:46 p.m.9 views

EUVD-2026-36570

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

4.3CVSS5.2AI score0.00175EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/12 8:12 p.m.6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the handleLogIn and verifyPassword user...

8.2CVSS5.4AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48976

Name of the Vulnerable Software and Affected Versions Hash Elements versions prior to 1.5.5 Description An issue in HashThemes Hash Elements allows the retrieval of embedded sensitive system information to an unauthorized control sphere. Recommendations Update to version 1.5.5 or later...

4.3CVSS5.2AI score0.00175EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.8 views

CVE-2026-49077

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.7 views

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.5AI score0.0028EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:49 a.m.8 views

CVE-2026-49077

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 10:49 a.m.11 views

EUVD-2026-34241

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 10:29 p.m.8 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the direct-prompt CLI. An attacker can access sensitive local...

6.9CVSS5.5AI score0.00014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44968

Name of the Vulnerable Software and Affected Versions Frontier X2 affected versions not specified Frontier X mobile application affected versions not specified Description The Frontier X2 device permits unauthenticated Bluetooth Low Energy BLE read and write access to critical Generic Attribute...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:47 p.m.9 views

CVE-2026-34126

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...

7.3CVSS5.8AI score0.00097EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.17 views

TP-Link多款产品 安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

7.3CVSS5.9AI score0.00097EPSS
Exploits0References6
NVD
NVD
added 2026/05/21 9:16 a.m.12 views

CVE-2026-27349

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:21 a.m.8 views

CVE-2026-27349

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 8:21 a.m.9 views

EUVD-2026-31249

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder