Lucene search
K

279 matches found

NVD
NVD
added 4 days ago10 views

CVE-2026-61428

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 4 days ago21 views

CVE-2026-61428

PraisonAI AgentMail is affected by CVE-2026-61428 in versions before 4.6.78, where webhook messages lack signature verification. This enables unauthenticated attackers to POST crafted message.received events to the webhook endpoint, injecting arbitrary content into the agent and triggering replie...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-12955

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-12955 Cookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX Action

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42846

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-42558

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 6 days ago15 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/04 2:16 a.m.11 views

DEBIAN-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/04 12:58 a.m.9 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
NVD
NVD
added 2026/07/01 5:16 a.m.8 views

CVE-2026-12090

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00319EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2026-57995 phpMyFAQ - Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

8.8CVSS0.00325EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.24 views

CVE-2026-57995

phpMyFAQ

8.8CVSS5.8AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-326 dcap-qvl has Missing Verification for QE Identity

Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/26 11:50 a.m.7 views

Session Hijacking

Chainlit is vulnerable to Session Hijacking. The vulnerability is due to missing ownership verification during WebSocket session restoration, where a valid sessionId can be used to restore another user's authenticated session, allowing attackers to gain unauthorized access with the victim's...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.12 views

CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 5:33 a.m.10 views

EUVD-2026-38668

The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistioplugindeleteassistiosettings function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers,...

4.3CVSS5.9AI score0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:7 p.m.8 views

CVE-2026-54322

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS6.3AI score0.00186EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/23 5:10 p.m.7 views

GHSA-6P9M-Q3JP-47H4 Gogs: LFS dedupe path leaks private repo content across tenants

Summary Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid row pointing at it without verifying the request body hash...

7.1CVSS6AI score0.00236EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.33 views

CVE-2026-56357 n8n - Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhoo...

6.3CVSS0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.34 views

CVE-2026-56357

n8n’s GitHub Webhook Trigger node is affected in versions before 1.123.15 and 2.5.0 due to missing HMAC-SHA256 signature verification. This allows an attacker who knows the webhook URL to send unsigned POST requests, potentially triggering workflows with arbitrary data and spoofing GitHub webhook...

6.3CVSS6AI score0.00186EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder