Lucene search
+L

22114 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-37311

Name of the Vulnerable Software and Affected Versions Pocketbase versions prior to 0.22.42 Pocketbase versions prior to 0.37.4 Description An issue exists in the OAuth2 autolinking process where an attacker knowing a victim's email address can pre-create and link an unverified user by...

6.1CVSS5.8AI score0.00247EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.12 views

CVE-2026-7458

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "userverificationformwrapprocessotpLogin" function. This makes it...

9.8CVSS5.8AI score0.00578EPSS
Exploits3References1
NVD
NVD
added 2026/05/02 5:16 a.m.10 views

CVE-2026-7458

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "userverificationformwrapprocessotpLogin" function. This makes it...

9.8CVSS0.00578EPSS
Exploits3References5
CVE
CVE
added 2026/05/02 4:27 a.m.47 views

CVE-2026-7458

The CVE-2026-7458 entry concerns the WordPress plugin “User Verification by PickPlugins” with authentication bypass in all versions up to 2.0.46. The root cause is a loose PHP comparison operator used to validate OTP codes in user_verification_form_wrap_process_otpLogin, enabling unauthenticated ...

9.8CVSS5.8AI score0.00578EPSS
Exploits3References5
EUVD
EUVD
added 2026/05/02 4:27 a.m.8 views

EUVD-2026-26737

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "userverificationformwrapprocessotpLogin" function. This makes it...

9.8CVSS5.8AI score0.00578EPSS
Exploits3References5
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.12 views

WordPress plugin User Verification by PickPlugins 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.00578EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.9 views

PT-2026-36569

Name of the Vulnerable Software and Affected Versions User Verification by PickPlugins versions prior to 2.0.47 Description The User Verification by PickPlugins plugin for WordPress allows unauthenticated attackers to log in as any user with a verified email address, including administrators. Thi...

9.8CVSS5.8AI score0.00578EPSS
Exploits3References16
EUVD
EUVD
added 2026/04/22 12:49 a.m.9 views

EUVD-2026-24579

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

8.8CVSS6.1AI score0.00418EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.17 views

PT-2026-37128

Name of the Vulnerable Software and Affected Versions Nhost versions prior to 0.49.1 Description Nhost automatically links incoming OAuth identities to existing accounts when email addresses match, provided the email is marked as verified. Several provider adapters fail to correctly populate the...

9.8CVSS5.9AI score0.00809EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

SailPoint IdentityIQ 安全漏洞

SailPoint IdentityIQ is a security software developed by SailPoint Corporation. It provides credit monitoring, identity protection, and antivirus features. There are security vulnerabilities in versions of SailPoint IdentityIQ prior to version 8.5p2, 8.4, and 8.4p4. These vulnerabilities stem fro...

8.4CVSS5.8AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 6:17 p.m.8 views

CVE-2026-40070

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...

8.1CVSS0.00135EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.11 views

phpBB 路径遍历漏洞

phpBB is an open-source web forum software based on the PHP language. This software supports multiple languages, various databases, and custom layout designs. phpBB has a path traversal vulnerability, which stems from an arbitrary file upload vulnerability. This vulnerability could allow verified...

5.9AI score0.00183EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/02 8:39 a.m.10 views

SUSE CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

6.3CVSS5.7AI score0.00177EPSS
Exploits0References22
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.24 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises from verified users with the UMA protection role being able to bypass UMA policy verification. This could allow attackers to include...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References6
CVE
CVE
added 2026/04/01 8:36 a.m.28 views

CVE-2026-23409

The CVE-2026-23409 issue is in the Linux kernel AppArmor differential encoding verification. It describes two bugs: (1) mixing states that have already been verified with those currently being checked, which can cause loops in the current chain to be treated as verified, and (2) an incorrect bail...

5.5CVSS5.7AI score0.00177EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:36 a.m.2 views

CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

5.7AI score0.00177EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:57 p.m.19 views

OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/31 11:57 p.m.5 views

GHSA-6XG4-82HV-CP6F OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29235

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.7 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References6
Rows per page
Query Builder