Lucene search

8780 matches found

NVD
added 2026/03/03 6:16 p.m. (5 views)

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

CVSS: 8.1; EPSS: 0.00187
Exploits: 0; References: 3

Cvelist
added 2026/03/03 12:00 a.m. (24 views)

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

EPSS: 0.00187
Exploits: 0; References: 3

ATTACKERKB
added 2026/03/03 12:00 a.m. (3 views)

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

CVSS: 8.1; AI score: 6; EPSS: 0.00187
Exploits: 0; References: 4

EUVD
added 2026/03/03 12:00 a.m. (7 views)

EUVD-2021-22128

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

AI score: 6; EPSS: 0.00187
Exploits: 0; References: 3

Positive Technologies
added 2026/03/03 12:00 a.m. (8 views)

PT-2026-22761

Name of the Vulnerable Software and Affected Versions: Nokia IMPACT versions through 19.11.2.10-20210118042150283. Description: A Cross-Site Request Forgery (CSRF) issue exists in Nokia IMPACT. This allows a remote attacker to import and overwrite the entire application configuration. The issue is due...

CVSS: 8.1; AI score: 5.8; EPSS: 0.00187
Exploits: 0; References: 9

Vulnrichment
added 2026/03/03 12:00 a.m. (2 views)

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

AI score: 6; EPSS: 0.00187
Exploits: 0; References: 3

CVE
added 2026/03/03 12:00 a.m. (10 views)

CVE-2021-35486

CVE-2021-35486 affects Nokia IMPACT up to version 19.11.2.10-20210118042150283. The issue is a CSRF vulnerability in the /ui/rest-proxy/entity/import endpoint where neither the X-CSRF-NONCE header nor the CSRF-NONCE cookie is validated, allowing a remote attacker to import and overwrite the entir...

CVSS: 8.1; AI score: 6; EPSS: 0.00187
Exploits: 0; References: 3; Affected Software: 1

RedhatCVE
added 2026/03/02 1:50 a.m. (5 views)

CVE-2026-28554

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

CVSS: 5.3; AI score: 6; EPSS: 0.00268
Exploits: 0; References: 1

RedhatCVE
added 2026/03/02 1:50 a.m. (6 views)

CVE-2026-28557

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVSS: 7.1; AI score: 6; EPSS: 0.00274
Exploits: 0; References: 1

Packet Storm
added 2026/03/02 12:00 a.m. (144 views)

📄 WordPress Project Notebooks 1.1.4 Remote Code Execution

Proof of concept exploit for the WordPress Project Notebooks plugin version 1.1.4 remote code execution vulnerability that allows for privilege escalation through improper validation of AJAX actions and nonce exposure...

CVSS: 9.8; AI score: 6.5; EPSS: 0.00583
Exploits: 2

Packet Storm
added 2026/03/02 12:00 a.m. (168 views)

📄 WordPress Real Spaces Properties Directory Theme 3.6 Missing Authorization

Proof of concept exploit for a missing authorization vulnerability in WordPress Real Spaces Properties Directory Theme version 3.6.

CVSS: 9.8; AI score: 5.9; EPSS: 0.00352
Exploits: 3

Packet Storm
added 2026/03/02 12:00 a.m. (143 views)

📄 WordPress Eventin 4.0.34 Account Takeover

A critical vulnerability exists in the Speaker Management component of the target where an authenticated attacker can intercept the speaker update process and change any speaker's registered email address without proper authorization. This flaw allows the attacker to hijack arbitrary accounts by...

CVSS: 8.8; AI score: 6.1; EPSS: 0.00526
Exploits: 3

Packet Storm
added 2026/03/02 12:00 a.m. (189 views)

📄 WordPress King Addons for Elementor 51.1.14 Privilege Escalation

Proof of concept for a WordPress King Addons for Elementor plugin versions 24.12.92 through 51.1.14 unauthenticated privilege escalation vulnerability.

CVSS: 9.8; AI score: 5.9; EPSS: 0.09142
Exploits: 4

EUVD
added 2026/03/01 12:30 a.m. (5 views)

EUVD-2026-9104

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforocloseajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

CVSS: 5.3; AI score: 6; EPSS: 0.00268
Exploits: 0; References: 4

EUVD
added 2026/03/01 12:30 a.m. (6 views)

EUVD-2026-9103

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

CVSS: 5.3; AI score: 6; EPSS: 0.00268
Exploits: 0; References: 4

EUVD
added 2026/03/01 12:30 a.m. (5 views)

EUVD-2026-9106

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVSS: 7.1; AI score: 6; EPSS: 0.00274
Exploits: 0; References: 4

OSV
added 2026/02/28 10:16 p.m. (3 views)

CVE-2026-28557

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVSS: 6.5; AI score: 5.9; EPSS: 0.00274
Exploits: 0; References: 3

OSV
added 2026/02/28 10:16 p.m. (3 views)

CVE-2026-28554

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

CVSS: 4.3; AI score: 5.9; EPSS: 0.00268
Exploits: 0; References: 3

NVD
added 2026/02/28 10:16 p.m. (9 views)

CVE-2026-28554

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

CVSS: 5.3; EPSS: 0.00268
Exploits: 0; References: 3

ATTACKERKB
added 2026/02/28 9:47 p.m. (5 views)

CVE-2026-28557

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVSS: 7.1; AI score: 6; EPSS: 0.00274
Exploits: 0; References: 4; Affected Software: 1