Lucene search
+L
VulnrichmentRecent

163557 matches found

vulnrichment
vulnrichment
added 1 hour ago1 views

CVE-2026-57205 SimpleChat: Authenticated users can access other users' profile metadata through user IDOR endpoints

SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/ and GET /api/user/profile-image/ endpoints in application/singleapp/routebackendusers.py accepted a caller-supplied...

4.3CVSS
Exploits0References3
vulnrichment
vulnrichment
added 1 hour ago1 views

CVE-2026-54733 moodle-local_o365: Authentication bypass via unverified JWT signature in Teams SSO endpoint

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin localo365 Teams SSO endpoint ssologin.php base64-decodes a JWT payload and authenticates...

9.3CVSS
Exploits0References7
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-59867 Kiota: Generation-time SSRF + remote/local file inclusion via unrestricted $ref

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote https URLs and reading local absolute or out-of-tree file paths, allowing kiota generate on an attacker-controlled or attacker-influenced description to perform build-time...

7.1CVSS
Exploits0References4
vulnrichment
vulnrichment
added 1 hour ago3 views

CVE-2026-59864 Kiota: Path/URL injection into generated Copilot plugin manifest via x-ai-* extensions

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota plugin add and kiota plugin generate with -t APIPlugin emitted attacker-controlled statictemplate.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests...

9.3CVSS
Exploits0References4
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-59863 Kiota: Workspace-config poisoning: out-of-repo file write + generation-time SSRF

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath values during kiota client generate and kiota plugin generate, allowing a malicious repository or pu...

7CVSS
Exploits0References4
vulnrichment
vulnrichment
added 2 hours ago1 views

CVE-2026-59861 Kiota: Code Generation Literal Injection in Kiota Ruby Generator

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter.cs and SanitizeForQuotedLiteral in Writers/StringExtensions.cs into Ruby double-quoted literals...

7.5CVSS
Exploits0References4
vulnrichment
vulnrichment
added 2 hours ago3 views

CVE-2026-59237 IDOR in Prospero Flow CRM Order API allows cross-tenant read and modification of orders

Authorization Bypass Through User-Controlled Key CWE-639 in the Order and OrderItem REST API controllers in Roskus Prospero Flow CRM before 5.5.3 allows a remote, authenticated user to read, modify, and delete orders and order items belonging to any other company tenant via a sequential numeric i...

6.9CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added 2 hours ago3 views

CVE-2026-59860 Kiota: XML Doc-Comment Newline Breakout Code Injection

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C XML documentation-comment sink the description, externalDocs label, and externalDocs link fields emitted as /// … comments. When text from an OpenAPI...

8.7CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added 2 hours ago3 views

CVE-2026-14254 Improper Restriction of Excessive Authentication Attempts in Delphix Continuous Data

A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force...

8.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-5674 Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References2
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-56456 HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability.

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago5 views

CVE-2026-56455 HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS).

HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service DoS. The application fails to properly validate input sizes, allowing an attacker to pass an excessive amount of information into a memory container, which can cause the system to crash or become...

5.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-56454 HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1.

HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, the application must disable all support for TLS 1...

5.9CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-56453 HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability.

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

5.5CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago4 views

CVE-2026-35145 HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability.

HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security HSTS policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted...

3.1CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-35143 HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability.

HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery CSRF attacks if additional mitigations,...

3CVSS6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-35142 HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability.

HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal...

2.6CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-35141 HCL DFXAnalytics is affected by a Login Replay Attack vulnerability

HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include...

2.6CVSS6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-35140 HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability

HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during authentication, which could allow a remote attacker to intercept network traffic and capture sensitive...

3CVSS6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added 4 hours ago3 views

CVE-2026-63306 stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints

stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and rea...

9.2CVSS6.2AI score
Exploits0References2
vulnrichment
vulnrichment
added 4 hours ago1 views

CVE-2025-71388 stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions

stoatchat delta/Revolt versions from 20241213-1 before 20250210-1 allow users with only ViewChannel read permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token,...

7.6CVSS
Exploits0References3
vulnrichment
vulnrichment
added 4 hours ago5 views

CVE-2025-71377 stoatchat before 20250210-1 Unrestricted Message History Fetch

stoatchat delta versions before 20250210-1 0.8.2 contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft...

8.7CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added 4 hours ago2 views

CVE-2026-12391 ubuntu-pro-client Local Privilege Escalation and Information Disclosure via Symlink Arbitrary File Read in collect-logs

An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic informatio...

5CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 4 hours ago4 views

CVE-2026-11386 ubuntu-pro-client Input Validation Vulnerability Leading to Arbitrary APT Directive Injection and Remote Code Execution

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...

9CVSS6.4AI score
Exploits0References1
vulnrichment
vulnrichment
added 4 hours ago1 views

CVE-2026-9494 ubuntu-pro-client Information Disclosure via Cleartext Bearer Token Exposure in Process Command Line

An information disclosure vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper using the download-file command. During this process, the secret bearer token is embedded directly in...

5.5CVSS
Exploits0References1
vulnrichment
vulnrichment
added 4 hours ago3 views

CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that shar...

6.3CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added 5 hours ago4 views

CVE-2026-35147 HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access.

HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The application fails to verify the user's authentication status when accessing specific API endpoints, allowing an unauthenticated attacker to interact with the APIs and perform unauthorized actions without...

8.2CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-35149 HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation.

HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the applicati...

8.2CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago4 views

CVE-2026-35148 HCL DFXServer is affected by a Missing Access Control vulnerability

HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows any network user to invoke these APIs and interact with the application without verification of...

6.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-35146 HCL DFXServer is affected by an Unencrypted Communication vulnerability.

HCL DFXServer is affected by an Unencrypted Communication vulnerability. The application permits users to establish connections over unencrypted channels via the HTTP protocol, which could allow a remote attacker to intercept network traffic and expose sensitive data transmitted between the user...

6.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 6 hours ago1 views

CVE-2023-49900 Origin Validation Error in X-Rite MA-T6

An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command...

9.8CVSS
Exploits0References1
vulnrichment
vulnrichment
added 7 hours ago4 views

CVE-2026-22752 Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-6424 Use-after-free vulnerability in ESET security products for Linux

Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system...

6.7CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-15727 WP Bulk Delete <= 1.4.2 - Authenticated (Administrator+) SQL Injection via 'delete_user_roles' Parameter

The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS6.1AI score
Exploits0References10
vulnrichment
vulnrichment
added 8 hours ago2 views

CVE-2026-15103 WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the updatesettings REST callback failing to validate the groupid path...

8.8CVSS
Exploits0References6
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-15021 wpForo Forum <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'location' Profile Field

The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...

6.4CVSS6.2AI score
Exploits0References8
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-15005 Loco Translate <= 2.8.5 - Cross-Site Request Forgery to Remote Code Execution via 'template' Parameter

The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...

8.8CVSS6.3AI score
Exploits0References10
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-13741 Digits: WordPress Mobile Number Signup and Login <= 9.1.0.5 - Authenticated (Subscriber+) Privilege Escalation via 'digits_reg_userrole' Parameter

The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and role validation in the digupdatewpwccustomfields function. This makes it possible for authenticat...

8.8CVSS6AI score
Exploits0References2
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-58078 Joomla Extension - themexpert.com - Unauthenticated SQL injection in Quix Page Builder Pro < 6.2.1

The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score
Exploits0References2
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-6423 Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-13755 Tickera <= 3.6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.3AI score
Exploits0References5
vulnrichment
vulnrichment
added 8 hours ago2 views

CVE-2026-15610 WPBot <= 8.5.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary RAG Document Re-Sync via ajax_rag_manual_sync() Function

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.1AI score
Exploits0References8
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-15106 WPBot <= 8.5.6 - Missing Authorization to Unauthenticated Arbitrary Chat Session Deletion via 'userid' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6.2AI score
Exploits0References8
vulnrichment
vulnrichment
added 8 hours ago1 views

CVE-2026-15651 WP TripAdvisor Review Slider <= 14.6 - Authenticated (Administrator+) SQL Injection via 'filtersource' Parameter

The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to generic SQL Injection via the 'filtersource' parameter in all versions up to, and including, 14.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS
Exploits0References6
vulnrichment
vulnrichment
added 8 hours ago1 views

CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS
Exploits0References5
vulnrichment
vulnrichment
added 8 hours ago3 views

CVE-2026-15350 The Cache Purger <= 2.3.20 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Log Deletion via 'the_log_purge' Parameter

The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.1AI score
Exploits0References6
vulnrichment
vulnrichment
added 8 hours ago2 views

CVE-2026-15099 WP Delicious <= 1.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'steps' Block Attribute

The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrapdirectiontext function, which interpolates the...

6.4CVSS6.2AI score
Exploits0References5
vulnrichment
vulnrichment
added 10 hours ago3 views

CVE-2026-12979 FunnelKit < 3.15.0.6 - Admin+ Arbitrary File Deletion via Path Traversal in Template Importer

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added 10 hours ago3 views

CVE-2026-12978 FunnelKit < 3.15.0.6 - Reflected XSS via Divi Optin Form

The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...

6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 10 hours ago3 views

CVE-2026-12869 Header Footer Builder for Elementor < 1.2.1 - Contributor+ Stored XSS via Template Import

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action it allows any editposts user, so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide,...

6.1AI score
Exploits0References1
Total number of security vulnerabilities163557