Lucene search
+L

518 matches found

Patchstack
Patchstack
added 2026/03/30 8:35 a.m.11 views

WordPress SureForms plugin <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability

Unauthenticated Payment Amount Validation Bypass via 'formid' vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin SureForms versions = 2.5.2...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/28 1:25 a.m.3 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/28 1:25 a.m.40 views

CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.16 views

PT-2026-28706

Name of the Vulnerable Software and Affected Versions SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress versions up to and including 2.5.2 Description The SureForms plugin is susceptible to a Payment Amount Bypass issue. This occurs because the create payment...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References9
Snyk
Snyk
added 2026/03/26 6:32 p.m.3 views

Session Fixation

Overview Affected versions of this package are vulnerable to Session Fixation in the authentication process when callbackmode is set to direct. An attacker can gain unauthorized access to a victim's session by initiating an authentication request and tricking the victim into visiting a crafted UR...

9.6CVSS5.9AI score0.00411EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 6:32 p.m.9 views

GHSA-7Q7G-X6VG-XPC3 OpenBao lacks user confirmation for OIDC direct callback mode

Impact OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the...

9.6CVSS5.9AI score0.00411EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:58 p.m.3 views

CVE-2026-33438

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...

6.5CVSS5.8AI score0.00398EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/26 4:58 p.m.23 views

CVE-2026-33438

Stirling-PDF is affected by a Denial of Service (DoS) vulnerability in the watermark endpoint. Affected versions are 2.1.5 through 2.5.1 (prior to 2.5.2). An authenticated user can trigger resource exhaustion and server crashes by sending extreme values for fontSize and widthSpacer to /api/v1/sec...

6.5CVSS5.8AI score0.00398EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.7 views

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.18 views

PT-2026-28483

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions 2.1.5 through 2.5.1 Description Stirling-PDF is a locally hosted web application for PDF file operations. An authenticated user can trigger a Denial of Service DoS condition by submitting extreme values for the fontSize a...

6.5CVSS5.9AI score0.00398EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 8:44 a.m.25 views

CVE-2026-27625

Stirling-PDF (local web app) is affected in all versions prior to 2.5.2. The vulnerability resides in the /api/v1/convert/markdown/pdf endpoint, where user-supplied ZIP entries are extracted without path checks, enabling path traversal and arbitrary file write by any authenticated user (stirlingp...

8.1CVSS5.9AI score0.00462EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.15 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...

8.1CVSS5.8AI score0.00462EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/16 6:32 p.m.7 views

EUVD-2025-208757

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References4
NVD
NVD
added 2026/02/20 4:22 p.m.10 views

CVE-2025-69401

Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through = 2.5.2...

7.5CVSS0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.11 views

PT-2026-21182

Name of the Vulnerable Software and Affected Versions WooODT Lite versions through 2.5.2 Description An authentication bypass by spoofing issue exists in WooODT Lite, potentially allowing identity spoofing. The issue impacts the application’s authentication mechanism, enabling unauthorized access...

5.4AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

WordPress plugin WooODT Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/16 7:30 p.m.6 views

CVE-2025-36511

Incorrect default permissions for some IntelR Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This...

6.7CVSS5.4AI score0.00109EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.5 views

n8n Node.js Package < 1.123.17 / 2.x < 2.5.2 Expression Escape Leading to RCE (CVE-2026-25049)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.17, or 2.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability: - An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow...

9.9CVSS6.8AI score0.01196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.8 views

PT-2026-7315

Name of the Vulnerable Software and Affected Versions IntelR Memory and Storage Tool versions prior to 2.5.2 Description The IntelR Memory and Storage Tool, in versions before 2.5.2, has default permissions that may allow a local escalation of privilege. An authenticated user with a high complexi...

6.7CVSS5.2AI score0.00109EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/04 6:3 p.m.26 views

n8n Has Expression Escape Vulnerability Leading to RCE

Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...

9.9CVSS6AI score0.97875EPSS
Exploits29References5Affected Software1
Rows per page
Query Builder