Lucene search
K

1461 matches found

Nuclei
Nuclei
added yesterday92 views

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. id: CVE-2021-20150 info: name: Trendnet AC2600 TEW-827DR...

5.3CVSS6.2AI score0.4006EPSS
Exploits0References2
NVD
NVD
added 2 days ago8 views

CVE-2026-15475

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS0.00105EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43197

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
CVE
CVE
added 2 days ago13 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15475 MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS0.00105EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 3:16 p.m.11 views

CVE-2026-57655

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS0.00112EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57655

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS5.8AI score0.00112EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57655

The CVE-2026-57655 entry concerns the WordPress plugin WordPress Child Theme Wizard (versions

8.2CVSS5.8AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39770

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS5.8AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.37 views

CVE-2026-57655 WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS0.00112EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:17 p.m.7 views

WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Child Theme Wizard versions = 1.4...

8.2CVSS5.8AI score0.00112EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52825

Name of the Vulnerable Software and Affected Versions Child Theme Wizard versions 1.4 and earlier Description An unauthenticated Cross Site Request Forgery CSRF exists, which allows attackers to force users to execute unwanted actions. CSRF is a type of attack that tricks a victim into submitting...

8.2CVSS5.8AI score0.00112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50813

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.6 through 9.15 Description HTML injection is possible in the cloud deployment module. The application propagates exception text from AWS, Azure, and Google SDKs, as well as file-resolution and database-commit exceptions,...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/06/16 6:17 p.m.65 views

Grimoire

書 — The Pentesterʼs Spellbook Answer the questions. Unleash th...

5.5AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2026/06/12 12:0 a.m.15 views

VulnCheck KEV: CVE-2020-6286

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal...

5.3CVSS6.2AI score0.28312EPSS
In wildExploits3References2
Github Security Blog
Github Security Blog
added 2026/06/11 5:10 p.m.14 views

Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

Summary Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

5.8AI score0.00047EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/11 1:27 p.m.10 views

OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

5.3AI score0.0004EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/11 1:27 p.m.8 views

GHSA-4X76-22X2-RX8V OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

8.8CVSS5.3AI score0.0004EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.22 views

PT-2026-48690

Name of the Vulnerable Software and Affected Versions @openzeppelin/wizard versions prior to 0.10.9 Description The OpenZeppelin Contracts Wizard generates example test files for Hardhat test/test.ts and Foundry test/.t.sol that interpolate user-supplied strings opts.name and opts.uri into the te...

8.8CVSS6AI score0.0004EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.13 views

CVE-2026-40132

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

5.4CVSS5.5AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder