Lucene search
K

15155 matches found

EUVD
EUVD
added 1 hour ago6 views

EUVD-2026-43578

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...

3.1CVSS5.5AI score
Exploits0References8
CVE
CVE
added yesterday8 views

CVE-2026-15605

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...

3.1CVSS5.5AI score
Exploits0References7
Nuclei
Nuclei
added yesterday16 views

PSW Front-end Login & Registration 1.13 - Weak Password Recovery

PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. id: CVE-2025-47646 info: name: PSW...

9.8CVSS7AI score0.21914EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday27 views

DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...

7.5CVSS7.1AI score0.74048EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday21 views

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8CVSS6.1AI score0.02904EPSS
Exploits0References3
CVE
CVE
added 2 days ago21 views

CVE-2026-56271

Flowise prior to 3.1.0 (versions

9.8CVSS6.1AI score0.00396EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43201

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References5
CVE
CVE
added 2 days ago9 views

CVE-2026-15479

The vulnerability CVE-2026-15479 affects H3C NX15 V100R017. The vulnerable component is the Administrator Password Modification Endpoint, specifically the change_passwd function at /api/login/modify. Manipulating the newPass parameter results in weak password recovery. The issue can be exploited ...

7.5CVSS6.6AI score0.00278EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago25 views

DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.1 use a weak encryption algorithm to protect input parameters. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code execution. id: CVE-2018-15811 info: name: DotNetNuke...

7.5CVSS7.1AI score0.74048EPSS
Exploits4References4
NVD
NVD
added 4 days ago4 views

CVE-2026-55881

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-1667 SEO Plugin by Squirrly SEO <= 14.0.0 - Unauthenticated Arbitrary Post Creation and Stored Cross-Site Scripting via savePost()

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-41879 Weak password hashing in R-SOFT DMS

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.2CVSS0.00269EPSS
Exploits0References1
The Hacker News
The Hacker News
added 4 days ago9 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-13492

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score0.00525EPSS
Exploits0References9
NVD
NVD
added 5 days ago7 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-47831

The vulnerability affects bosh-windows-stemcell-builder. The GenerateRandomPassword function uses a cryptographically weak RNG, enabling a remote attacker to brute-force SSH logins over TCP/22. Affected versions are prior to v2019.98. Mitigation: upgrade to v2019.98 or later. CVSS metrics indicat...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-47831 Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42167

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS5.9AI score0.00425EPSS
Exploits0References5
Rows per page
Query Builder