Lucene search
K

2706 matches found

Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42247

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.38 Description An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

8.3CVSS5.8AI score0.00229EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.11 views

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:0 a.m.10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 6:0 a.m.11 views

EUVD-2026-30735

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.48 views

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41635

Name of the Vulnerable Software and Affected Versions Feeds for YouTube versions prior to 2.6.4 Description A missing capability check in the actions function allows users with subscriber privileges or higher to unauthorizedly modify or delete the plugin license key. Recommendations Update to...

5.4CVSS5.2AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/16 12:30 p.m.52 views

CVE-2025-4202 Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/16 12:30 p.m.9 views

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 9:24 p.m.49 views

CVE-2026-44571 Open WebUI: Improper Authorization in Standard Channels Allows Message Updates with Read Permission

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

6.5CVSS0.00277EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:24 p.m.8 views

CVE-2026-44571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 9:24 p.m.16 views

EUVD-2026-30655

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:30 a.m.14 views

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 5:30 a.m.6 views

CVE-2026-3829 WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41175

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.5.7 Description An issue exists where a user can modify another user's model regardless of whether its visibility is set to Private. By altering access permissions during the editing process, unauthorized access...

6.5CVSS5.8AI score0.00226EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Live Helper Chat 安全漏洞

Live Helper Chat is an open-source plugin developed by Live Helper Chat developers, designed to provide chat functionality for web platforms. Version 4.84 of Live Helper Chat contains a security vulnerability. This vulnerability stems from the REST API chat update endpoint, which allows users to...

8.1CVSS5.8AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40865

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wple basic get requests' function in all versions up to, and including, 7.8.5.10. This...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 9:20 p.m.46 views

CVE-2026-44448 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

5.9CVSS0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 9:20 p.m.38 views

CVE-2026-44448

CVE-2026-44448 affects ERPNext prior to versions 15.102.0 and 16.11.0, where certain endpoints did not enforce proper authorization, allowing users to modify data beyond their permitted role. The root cause is missing validation on those endpoints, leading to unauthorised document modification. T...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 9:11 p.m.35 views

CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:11 p.m.8 views

CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1
Rows per page
Query Builder