Lucene search
K

267 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 2:35 p.m.8 views

CVE-2026-9712 Insecure direct object reference

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS5.8AI score0.00219EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 10:2 a.m.13 views

CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

UFO³ 数据伪造问题漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...

5.9CVSS5.7AI score0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/26 5:16 p.m.14 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

7.4CVSS5.8AI score0.00164EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

5.8AI score0.00164EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/26 12:0 a.m.8 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

7.4CVSS5.8AI score0.00164EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/22 6:43 p.m.13 views

CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:43 p.m.8 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/22 6:43 p.m.14 views

CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS0.0014EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 7:14 a.m.17 views

Malicious code in @toni77777/aora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...

6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/20 3:46 p.m.12 views

phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration

Summary An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts. By sending a PUT request with just a valid username and associated email address to /api/user/password/update, an attacker...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/05/20 3:46 p.m.7 views

GHSA-W9XH-5F39-VQ89 phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration

Summary An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts. By sending a PUT request with just a valid username and associated email address to /api/user/password/update, an attacker...

8.2CVSS5.8AI score0.00324EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.7 views

CVE-2026-6401

The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update forms handled in bottom-bar-admin.php. None of the three settings forms main settings, sharing...

4.3CVSS5.9AI score0.00187EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:39 a.m.13 views

Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

5.9AI score
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/05/19 10:5 p.m.11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
MariaDBUnix
MariaDBUnix
added 2026/05/18 12:0 a.m.10 views

CVE-2026-44168

Disclaimer: This data contains information about vulnerable...

5.7AI score0.00567EPSS
Exploits0
MariaDBUnix
MariaDBUnix
added 2026/05/18 12:0 a.m.14 views

CVE-2026-44173

Disclaimer: This data contains information about vulnerable...

5.7AI score0.00399EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.9 views

JoomSky Joomla! Component Js Jobs 跨站请求伪造漏洞

JoomSky Joomla! Component Js Jobs is a human resources component developed by JoomSky Corporation, designed for publishing job listings, managing positions, and facilitating job applications on Joomla websites. Version 1.2.0 of JoomSky Joomla! Component Js Jobs contains a cross-site request...

6.9CVSS5.8AI score0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:46 p.m.6 views

CVE-2026-46408

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cartid and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another...

7.6CVSS5.8AI score0.002EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from multiple endpoints accepting file IDs provided by users without verifying ownership,...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References2
Rows per page
Query Builder