Lucene search
K

180636 matches found

EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42553

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score
Exploits0References1
CVE
CVE
added 7 hours ago7 views

CVE-2026-1989

Technical details of CVE-2026-1989 are not publicly available in the provided documents; monitor for updates.

7.5CVSS5.9AI score
Exploits0References1
Nuclei
Nuclei
added 13 hours ago121 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS7.2AI score0.22292EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago28 views

WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

5.3CVSS6.1AI score0.0235EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago16 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

6.9CVSS5.9AI score0.00599EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago19 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS6AI score0.17393EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago69 views

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS5.9AI score0.01235EPSS
Exploits1References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-15034 flask-dashboard Flask-MonitoringDashboard cross-site request forgery

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS
Exploits0References9
CVE
CVE
added yesterday13 views

CVE-2026-6371

CVE-2026-6371 : Stored XSS in LimRAD NAC by Limatek System Inc. due to improper neutralization of input during web page generation. Affected through 08/07/2026. Documents list impact as a cross-site scripting vulnerability with a Medium severity (CVSS 3.1: AV Adjacent, AC Low, PR Low, UI Required...

4.8CVSS5.9AI score
Exploits0References1
Nuclei
Nuclei
added 2 days ago63 views

NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure

NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSWcxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. id:...

9.8CVSS7.2AI score0.27215EPSS
Exploits6References5
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-14703 itsourcecode Hospital Management System patientorder.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-41683

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
NVD
NVD
added 5 days ago13 views

CVE-2026-14627

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS0.00369EPSS
Exploits0References5
CVE
CVE
added 6 days ago16 views

CVE-2026-14605

CVE-2026-14605 affects RT-Thread up to 5.0.2. The vulnerability is in the function recvmsg within bsp/loongson/ls1cdev/libraries/ls1c_can.h of the ls1c CAN Handler . It enables a stack-based buffer overflow when processing input, with local access required to exploit. Public exploit code exists. ...

8.5CVSS7.4AI score0.00141EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.00479EPSS
Exploits1References3
Circl
Circl
added 2026/07/02 7:51 a.m.8 views

CVE-2026-14074

creationtimestamp| type| source ---|---|--- 2026-07-02 07:51:32+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 07:45:08+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260706...

6.5CVSS5.9AI score0.00276EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.4 views

WordPress Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability

Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Academy LMS versions = 3.8.1...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 3:15 p.m.6 views

EUVD-2026-40125

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotel...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-13569

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 12:0 p.m.10 views

CVE-2026-13565

The vulnerability CVE-2026-13565 affects SourceCodester Class and Exam Timetabling System (1.0/1.php). The issue is in /edit_class1.php where manipulating the argument ID enables SQL injection, a remotely triggerable flaw. Publicly disclosed exploit exists (proof-of-concept). Affected component: ...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
Rows per page
Query Builder