Lucene search
K

7 matches found

EUVD
EUVD
added 2026/06/02 3:28 a.m.15 views

EUVD-2026-33881

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8CVSS5.9AI score0.0126EPSS
Exploits5References8
Patchstack
Patchstack
added 2026/06/01 5:17 p.m.15 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.0126EPSS
Exploits5References1Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/28 12:34 a.m.184 views

Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS7.3AI score0.03514EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2023/03/27 10:15 p.m.3 views

DEBIAN-CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.6AI score0.03514EPSS
Exploits1References1
NVD
NVD
added 2023/03/27 10:15 p.m.35 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS7.5AI score0.03514EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.31 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.8AI score0.03514EPSS
Exploits1References2
Spring Security Advisories
Spring Security Advisories
added 2023/03/20 12:0 a.m.6 views

Spring Expression DoS Vulnerability

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

6.5CVSS6.6AI score0.0097EPSS
Exploits1References2
Rows per page
Query Builder