Lucene search
K

7209 matches found

Nuclei
Nuclei
added yesterday20 views

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

5.3CVSS6.2AI score0.01608EPSS
Exploits1References2
NVD
NVD
added 2 days ago5 views

CVE-2026-15389

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-57935

Name of the Vulnerable Software and Affected Versions SAP Approuter affected versions not specified Description An unauthenticated attacker can exploit an HTTP Request Smuggling issue by sending a specially crafted HTTP request. This leads to request-response desynchronization, a condition where...

9.1CVSS6AI score0.00539EPSS
Exploits0References7
Nuclei
Nuclei
added 3 days ago17 views

OneDev < 4.0.3 - User Access Token Leak

OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. id: CVE-2021-21246...

8.6CVSS7AI score0.49051EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42800

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.11 views

PT-2026-56938

Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...

5.3CVSS6.1AI score0.00293EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56957

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 9:11 p.m.31 views

CVE-2026-48492 Snipe-IT's selectlist visibility is too permissive

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS0.00385EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 9:11 p.m.17 views

CVE-2026-48492

CVE-2026-48492 affects Snipe-IT (IT asset/license management). Prior to version 8.6.1, the GET /api/v1/{object}/selectlist endpoint lacked an authorization check, allowing any logged-in user (with a web session cookie and no API token) to enumerate all user accounts and retrieve usernames, displa...

7.1CVSS6AI score0.00385EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/08 4:16 p.m.10 views

CVE-2026-59262

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS0.00238EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 3:44 p.m.7 views

CVE-2026-59262

AFFiNE CVE-2026-59262 involves the histories GraphQL field failing to validate Doc.Read permissions before exposing edit histories. The vulnerability allows authenticated workspace members to supply arbitrary document GUIDs and access full edit histories, including user names, emails, and timesta...

7.1CVSS6AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 3:44 p.m.5 views

EUVD-2026-42314

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS6AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 2:6 p.m.6 views

EUVD-2026-42277

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

5.9AI score0.00303EPSS
Exploits0References1
Veracode
Veracode
added 2026/07/07 8:44 a.m.6 views

Improper Authorization

Keycloak is vulnerable to improper authorization. The vulnerability is due to missing validation that the target user belongs to the caller's realm in certain user read endpoints, which allows a tenant realm administrator to access profile information, client roles, and realm roles of users acros...

6AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:42 p.m.9 views

CVE-2026-59098

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 7:42 p.m.37 views

CVE-2026-59098 LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS0.00238EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/02 7:42 p.m.5 views

CVE-2026-59098 LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 5:39 p.m.15 views

MAL-2026-6728 Malicious code in dt-validator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0dd6dc392ad68861c938e7798773adf5359c835743e711a834d84221b481bdf The package's top-level public API dtvalidator.validate — colocated in all with legitimate helpers validateextension, validatesize, and...

6.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:48 p.m.7 views

CVE-2026-58036

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

2.1CVSS5.8AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
Rows per page
Query Builder