Lucene search
K

370189 matches found

CVE
CVE
added 2026/07/01 7:52 a.m.17 views

CVE-2026-10540

CVE-2026-10540 affects Control-M/Enterprise Manager (unsupported versions 9.0.20.x and potentially earlier). The vulnerability stems from weak protections for stored password hashes, potentially allowing offline password recovery if credential data is obtained. The CVSS metrics indicate a Local a...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:5 a.m.16 views

CVE-2026-12577

CVE-2026-12577 affects DVP80ES3 and is due to an improperly implemented security check for a standard vulnerability. The NVD entry lists a CVSS v4.0 base score of 8.7 (HIGH): network attack vector, low attack complexity, no user interaction required. Impacts: availability HIGH, confidentiality/in...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:1 a.m.19 views

CVE-2026-12576

Technical details about CVE-2026-12576 are not publicly available in the provided documents. Monitor for updates from official sources for affected components, impact, and remediation information.

7.5CVSS5.8AI score0.00153EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:55 a.m.18 views

CVE-2026-12575

Technical details for CVE-2026-12575 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:53 a.m.16 views

CVE-2026-50043

SkyBridge MB-A100/MB-A110 are affected by CVE-2026-50043: improper neutralization of special elements used in an OS command (OS Command Injection). If an attacker can log in with administrative privileges, arbitrary OS commands may be executed. The connected documents do not specify a patch or wo...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:51 a.m.20 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:46 a.m.22 views

CVE-2026-56016

CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 6:0 a.m.16 views

CVE-2026-11880

The CVE-2026-11880 entry concerns Fluent Forms WordPress plugin versions prior to 6.2.1, where ownership is not properly verified before processing a subscription cancellation request. This allows authenticated users with a low-privilege account to cancel subscriptions belonging to other users du...

3.1CVSS5.8AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.19 views

CVE-2026-11794

The CVE-2026-11794 entry concerns the WordPress plugin “Advanced Form Integration — Connect Forms to 200+ Apps” up to version 2.1.1. Affected behavior: when creating a user from a public form submission, the plugin does not enforce the WordPress role, which can allow unauthenticated visitors to c...

8.1CVSS5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.18 views

CVE-2026-11570

CVE-2026-11570 affects the User Submitted Posts WordPress plugin prior to 20260608, where an input value is not escaped before being output in an admin-configured display template, allowing unauthenticated users to trigger a Stored XSS when a non-default display option is enabled. The issue is de...

4.2CVSS5.7AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.19 views

CVE-2026-11883

CVE-2026-11883 affects the WebAuthn Provider for Two Factor WordPress plugin (before 2.5.6). The vulnerability arises from incorrect validation of the second-factor authentication response, enabling an attacker who already knows a user’s password to bypass 2FA by submitting a malformed request. T...

7.2CVSS5.8AI score0.00365EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.18 views

CVE-2026-11887

The CVE concerns the Salon Booking System WordPress plugin prior to 10.30.20. Affected component: an AJAX action without proper authorization checks, enabling any authenticated user (e.g., a subscriber) to modify the plugin’s settings and bypass manual approval of new bookings. Root cause: insuff...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.16 views

CVE-2026-11568

The Product Configurator for WooCommerce WordPress plugin prior to 1.7.3 exposes protected product data via a public AJAX action without any authorization or post-status checks. Unauthenticated users can retrieve data for private and draft (non-public) products by supplying the product ID, bypass...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.21 views

CVE-2026-10750

CVE-2026-10750 concerns the Royal MCP WordPress plugin prior to 1.4.26. The issue arises because the plugin does not perform capability checks on most MCP tools after token authentication, enabling authenticated, low-privilege users (e.g., Subscriber) to read private content, enumerate users and ...

8.1CVSS5.8AI score0.00267EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.20 views

CVE-2026-11562

CVE-2026-11562 : The WS Form LITE WordPress plugin is vulnerable prior to version 1.11.8 due to a missing capability check on a settings-update action. This allows authenticated users with subscriber-level access and above to modify the plugin’s settings. Impact is limited to settings modificatio...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:45 a.m.24 views

CVE-2025-15666

Open Asset Import Library Assimp (up to 5.4.3) contains a heap-based buffer overflow in Assimp::SceneCombiner::Copy (file code/Common/SceneCombiner.cpp) caused by manipulation of the width/height argument. Local attack required; exploit disclosed publicly (CVSS metrics indicate PoC maturity). No ...

5.3CVSS5.9AI score0.00123EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 5:35 a.m.28 views

CVE-2026-1239

The CVE-2026-1239 entry concerns the WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You. A missing authorization check on the REST callback ninja-forms-views/token/refresh affects all versions up to and including 3.14.1, permitting unauthenticated attackers to view form s...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 5:35 a.m.21 views

CVE-2026-11823

The CVE-2026-11823 entry concerns the BookingPress Appointment Booking Pro plugin for WordPress, affected up to version 5.7.1. The vulnerability is a SQL Injection via the store_service_date parameter of the bpa_assign_staffmember_to_slots() function. Root cause: user-supplied POST data is passed...

7.5CVSS5.9AI score0.00285EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 5:30 a.m.20 views

CVE-2026-14193

The vulnerability CVE-2026-14193 affects the DVP80ES300T device and is described as an Improper Validation of Array Index vulnerability. In the provided data, the CVSS v3.1 base score is 7.5 ( HIGH ), with Network attack vector, no privileges required, no user interaction, and availability impact...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:22 a.m.18 views

CVE-2026-12579

Technical details (affected products, root cause, remediation) are not publicly available in the provided documents. Monitor for updates from vendors and CVE/NVD entries.

7.4CVSS5.8AI score0.00273EPSS
Exploits0References1
Rows per page
Query Builder