Lucene search
K

3168 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42725

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...

6.5CVSS5.4AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-7399

Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

8.1CVSS5.4AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6001

Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042...

8.8CVSS5.4AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.7 views

CVE-2026-42736

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS5.4AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-2347

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS5.5AI score0.00426EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 4:22 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the readAttachment tool. An attacker can access files in the shared storage belonging to other users by supplying a known attachment path and a valid MCP token...

3.5CVSS5.3AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 4:3 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public shared-view endpoints, which exposed values from columns that were intended to be hidden. An attacker can access sensitive information by crafting reques...

6.9CVSS5.3AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 3:16 p.m.10 views

CVE-2026-6208

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
EUVD
EUVD
added 2026/06/05 2:2 p.m.9 views

EUVD-2026-34840

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

9.1CVSS5.3AI score
Exploits0
Cvelist
Cvelist
added 2026/06/05 2:2 p.m.39 views

CVE-2026-6208

...

Exploits0
CVE
CVE
added 2026/06/05 2:2 p.m.23 views

CVE-2026-6208

CVE-2026-6208 entry is rejected/not used and does not represent an active vulnerability.

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.13 views

PT-2026-46966

Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitation of Trusted Identifiers. This issue affects Geographic Tracking System: before v0.0.2...

9.1CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/04 6:46 p.m.5 views

GHSA-XF4V-W5X5-PV79 Spree: CSV Formula Injection in Customer Export

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

5.2CVSS6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/04 6:46 p.m.24 views

Spree: CSV Formula Injection in Customer Export

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

6AI score
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/04 1:44 p.m.10 views

EUVD-2026-34265

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 1:44 p.m.36 views

CVE-2026-10863 MISP User-controlled order parameter in correlations over-correlation endpoint

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:14 a.m.11 views

EUVD-2026-34243

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8CVSS5.9AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 11:14 a.m.35 views

CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8CVSS0.00302EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:14 a.m.6 views

CVE-2026-4104

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8CVSS5.9AI score0.00302EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46193

Name of the Vulnerable Software and Affected Versions TeknoPass versions 20210501 through 20260429 Description An authorization bypass exists due to a user-controlled SQL primary key issue, which allows for SQL Injection. SQL Injection is a technique where an attacker inserts malicious SQL code...

9.8CVSS5.8AI score0.00302EPSS
Exploits0References4
Rows per page
Query Builder