Lucene search
+L

3015 matches found

attackerkb
attackerkb
added yesterday3 views

CVE-2026-46621

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS6.6AI score0.00473EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2 days ago6 views

CVE-2026-59235

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4Affected Software1
nvd
nvd
added 3 days ago5 views

CVE-2026-15389

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS0.00275EPSS
Exploits0References1
cve
cve
added 4 days ago9 views

CVE-2026-62328

Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References2
nvd
nvd
added 5 days ago6 views

CVE-2026-15480

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS0.00463EPSS
Exploits0References5
euvd
euvd
added 5 days ago8 views

EUVD-2026-43202

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS6.4AI score0.00463EPSS
Exploits0References5
cvelist
cvelist
added 5 days ago29 views

CVE-2026-15480 Trendnet TEW-635BRM Web Service rc start_httpd stack-based overflow

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS0.00463EPSS
Exploits0References5
cve
cve
added 5 days ago15 views

CVE-2026-15480

The CVE-2026-15480 refers to Trendnet TEW-635BRM (firmware up to 1.00.03) where the Web Service’s /sbin/rc start_httpd function mishandles the device_name argument, causing a stack-based buffer overflow. This can be triggered remotely; public exploits are cited. Several sources note the vendor’s ...

9CVSS7.4AI score0.00463EPSS
Exploits0References5
cve
cve
added 5 days ago14 views

CVE-2026-15477

Bahmni bahmnicore (up to 0.93) is affected in the Search Endpoint (file /openmrs/ws/rest/v1/bahmnicore/sql), specifically the function additionalParams. A manipulated argument can lead to SQL injection, with remote exploitation possible and public exploit details. Remediation: upgrade to 0.93.1, ...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6
cvelist
cvelist
added last week32 views

CVE-2026-15286 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS0.00268EPSS
Exploits0References4
nessus
nessus
added 2026/07/10 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-58501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transiti...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References3
euvd
euvd
added 2026/07/09 2:15 p.m.7 views

EUVD-2026-42593

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/09 9:31 a.m.30 views

CVE-2026-4275 Divi Torque Lite <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Installation via 'install_plugin' REST Endpoint

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
euvd
euvd
added 2026/07/09 12:31 a.m.6 views

EUVD-2026-42496

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's...

8.1CVSS6AI score0.00276EPSS
Exploits0References3
euvd
euvd
added 2026/07/08 9:12 p.m.7 views

EUVD-2026-42077

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE...

8.3CVSS5.9AI score0.00237EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/07 5:32 p.m.33 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/07/07 5:32 p.m.6 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 5:32 p.m.7 views

CVE-2026-48958

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/07/07 5:32 p.m.7 views

CVE-2026-48958 Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 9:19 a.m.12 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References3
Rows per page
Query Builder