Lucene search
K

1244 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/06 10:51 p.m.8 views

CVE-2026-53644

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...

8.6CVSS6AI score0.00251EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 10:51 p.m.3 views

CVE-2026-53644 FOSSBilling's missing order-state validation allows clients to read and reset API key secrets for non-active orders

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...

8.6CVSS6AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.5 views

PT-2026-56037

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.3 through 0.7.2 Description Authenticated clients can read and reset API key service secrets for orders that are not in an active state, such as suspended or canceled. This occurs due to missing order-state validation ...

8.6CVSS6AI score0.00251EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.7 views

CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS0.00146EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38669

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.7 views

CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.34 views

CVE-2026-10552 Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS0.00146EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.14 views

CVE-2026-10552

The CVE-2026-10552 entry concerns the WordPress plugin Blue Captcha (versions up to 2.0.1). It documents a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the main admin page (blcap_main_page) and on Hall of Shame and Log subpages. These pages accept a bl...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51667

Name of the Vulnerable Software and Affected Versions Blue Captcha versions prior to 2.0.2 Description The Blue Captcha plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due ...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References11
CVE
CVE
added 2026/06/14 11:30 p.m.20 views

CVE-2026-12193

VS Revo RevoUninstaller 2.5.x/2.6.x contains a heap-based overflow in IOCtl_Handler of RevoDetector.sys (IOCTL Handler). The vulnerability enables a local attack and is supported by publicly available exploit material. Upgrading to version 2.7.0 fixes the issue. If you rely on affected builds, ap...

8.5CVSS7.5AI score0.00142EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:16 a.m.19 views

Malicious code in 0x2ai-demo2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ee2445b2f0b01d2457cf45c188b310f58c98f3b676032f9c6213469f071239 On npm install, scripts/postinstall.cjs recursively copies the bundled payload/ directory into INITCWD the developer's project root via fs.cpSync. Th...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/11 7:16 a.m.20 views

MAL-2026-5589 Malicious code in 0x2ai-demo2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ee2445b2f0b01d2457cf45c188b310f58c98f3b676032f9c6213469f071239 On npm install, scripts/postinstall.cjs recursively copies the bundled payload/ directory into INITCWD the developer's project root via fs.cpSync. Th...

5.6AI score
Exploits0References1
EUVD
EUVD
added 2026/06/11 12:32 a.m.15 views

EUVD-2026-36135

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

7.1CVSS6.7AI score0.00405EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48752

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48751

Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...

6.3CVSS5.1AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48750

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:16 p.m.11 views

CVE-2026-0267

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

6.9CVSS0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:31 p.m.9 views

CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

6.9CVSS5.5AI score0.00104EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:31 p.m.33 views

CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

6.9CVSS0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:31 p.m.26 views

CVE-2026-0267

CVE-2026-0267 affects the Palo Alto Networks GlobalProtect app on macOS. It is described as an information exposure vulnerability where a local user can learn the passcodes used to disable, disconnect, or uninstall the app, enabling those actions despite configuration restrictions. The provided d...

6.9CVSS5.5AI score0.00104EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder