Количество 331 209
Количество 331 209
CVE-2026-24353
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
CVE-2026-24348
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
CVE-2026-24347
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory
CVE-2026-24346
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application
CVE-2026-24345
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI
CVE-2026-24344
Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution
CVE-2026-24342
Rejected reason: Not used
CVE-2026-24341
Rejected reason: Not used
CVE-2026-24340
Rejected reason: Not used
CVE-2026-24339
Rejected reason: Not used
CVE-2026-24338
Rejected reason: Not used
CVE-2026-24337
Rejected reason: Not used
CVE-2026-24336
Rejected reason: Not used
CVE-2026-24335
Rejected reason: Not used
CVE-2026-24334
Rejected reason: Not used
CVE-2026-24332
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are omitted from the presences array. This is arguably inconsistent with the UI description of Invisible as "You will appear offline."
CVE-2026-24307
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-24306
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-24305
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2026-24304
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-24353 Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9. | CVSS3: 8.1 | 0% Низкий | 15 дней назад |
| CVE-2026-24348 Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users. | 0% Низкий | 11 дней назад | |
| CVE-2026-24347 Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory | 0% Низкий | 11 дней назад | |
| CVE-2026-24346 Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application | 0% Низкий | 11 дней назад | |
| CVE-2026-24345 Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI | 0% Низкий | 11 дней назад | |
| CVE-2026-24344 Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution | 0% Низкий | 11 дней назад | |
| CVE-2026-24342 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24341 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24340 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24339 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24338 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24337 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24336 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24335 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24334 Rejected reason: Not used | 15 дней назад | ||
| CVE-2026-24332 Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are omitted from the presences array. This is arguably inconsistent with the UI description of Invisible as "You will appear offline." | CVSS3: 4.3 | 0% Низкий | 16 дней назад |
| CVE-2026-24307 Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. | CVSS3: 9.3 | 0% Низкий | 15 дней назад |
| CVE-2026-24306 Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. | CVSS3: 9.8 | 0% Низкий | 15 дней назад |
| CVE-2026-24305 Azure Entra ID Elevation of Privilege Vulnerability | CVSS3: 9.3 | 0% Низкий | 15 дней назад |
| CVE-2026-24304 Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | CVSS3: 9.9 | 0% Низкий | 15 дней назад |
Уязвимостей на страницу