Lucene search
K
CvelistRecent

364602 matches found

Cvelist
Cvelist
added 2026/06/20 3:21 p.m.28 views

CVE-2024-58351 Flowise - Remote Code Execution via overrideConfig Parameter

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relie...

9.8CVSS0.00648EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 1:37 p.m.25 views

CVE-2022-50972 WooCommerce 7.1.0 Remote Code Execution via class-wc-meta-box-product-images.php

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type value...

9.8CVSS0.00629EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 1:36 p.m.28 views

CVE-2020-37255 WordPress Time Capsule Plugin 1.21.16 Authentication Bypass

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...

8.7CVSS0.00398EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 1:36 p.m.28 views

CVE-2019-25763 WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS0.00428EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 12:36 p.m.27 views

CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 11:57 a.m.58 views

CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS0.01569EPSS
Exploits6References1
Cvelist
Cvelist
added 2026/06/20 11:56 a.m.38 views

CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS0.00564EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/20 11:56 a.m.32 views

CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS0.02726EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/20 8:29 a.m.32 views

CVE-2026-12119 Simple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS0.00267EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/20 8:29 a.m.28 views

CVE-2026-11912 Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

7.5CVSS0.00433EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/20 8:29 a.m.35 views

CVE-2026-11911 Simple File List <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFLDeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...

7.5CVSS0.0078EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/20 1:27 a.m.33 views

CVE-2026-9843 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS0.00662EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/20 12:46 a.m.29 views

CVE-2026-9265 Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

0.00354EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.32 views

CVE-2026-56216 Capgo - Scope Escalation via API Key Creation in /functions/v1/apikey

Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resourc...

8.8CVSS0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.32 views

CVE-2026-56215 Capgo - Account Merge via Poisoned public.users.email in SSO Provisioning

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

8.7CVSS0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.30 views

CVE-2026-56214 Capgo - Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.31 views

CVE-2026-56212 Capgo - Improper 2FA Enforcement Logic via Team Security Settings

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.28 views

CVE-2026-56213 Capgo - Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

6.9CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 11:29 p.m.33 views

CVE-2026-11551 Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00625EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.22 views

CVE-2026-56082 Capgo - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC

Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.recordbuildtime, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...

8.7CVSS0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.22 views

CVE-2026-56081 Cap-go - Account Lockout via 2FA Misconfiguration on Unverified Email

Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account, the attacker gains control over the account...

9.3CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.23 views

CVE-2026-56080 Cap-go - Authentication Logic Flaw in Enforce Password Policy

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.19 views

CVE-2026-56079 Capgo - Cross-Tenant Authorization Bypass via PostgREST Webhook Access

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.28 views

CVE-2026-56073 Cap-go - OTP Bypass via Response Manipulation in Email Verification

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful,...

9.4CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:29 p.m.21 views

CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

...

8.8CVSS0.00408EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:29 p.m.44 views

CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability

...

9.6CVSS0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:28 p.m.22 views

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

6.5CVSS0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.19 views

CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability

...

9.9CVSS0.005EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.20 views

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

...

10CVSS0.00562EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.22 views

CVE-2026-42895 Microsoft Copilot Tampering Vulnerability

...

6.5CVSS0.00399EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.21 views

CVE-2026-32208 Microsoft Entra ID Spoofing Vulnerability

...

8.8CVSS0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:26 p.m.27 views

CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS0.00451EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/19 8:23 p.m.24 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:19 p.m.20 views

CVE-2026-47203 Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:16 p.m.24 views

CVE-2026-48129 Kestra task inputFiles accepts traversal filenames for worker file writes

Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task inputFiles writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an inputFiles file name, ...

6.5CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:12 p.m.24 views

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/19 8:9 p.m.24 views

CVE-2026-49295 libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/19 7:53 p.m.22 views

CVE-2026-49337 libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:46 p.m.28 views

CVE-2026-48787 gin-vue-admin vulnerable to RCE

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:38 p.m.23 views

CVE-2026-48089 DevGuard has improper authorization on public assets

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

7.1CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:34 p.m.23 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:28 p.m.24 views

CVE-2026-48772 ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:27 p.m.22 views

CVE-2026-48773 ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

9.8CVSS0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:23 p.m.22 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:21 p.m.24 views

CVE-2026-49344 Mercator has a Personal Identifiable Information Leak from Query Executor feature

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

7.1CVSS0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:18 p.m.22 views

CVE-2026-48715 radvdump's Route Information Option Parser has a Stack Buffer Overflow

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

7.7CVSS0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:13 p.m.20 views

CVE-2026-49342 YARD static cache reads raw traversal paths before router sanitization

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:11 p.m.22 views

CVE-2026-49340 gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path o...

8.1CVSS0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:8 p.m.21 views

CVE-2026-49338 Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can delete...

7.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:2 p.m.25 views

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

6.5CVSS0.00235EPSS
Exploits0References1
Total number of security vulnerabilities364602