Lucene search
K

266 matches found

Vulnrichment
Vulnrichment
added 2025/11/19 6:45 a.m.9 views

CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References4
NVD
NVD
added 2025/11/14 4:15 a.m.3 views

CVE-2025-13160

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network...

6.9CVSS0.00277EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/11/09 12:23 a.m.4 views

SUSE CVE-2025-62714

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

8.7CVSS6.8AI score0.00607EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 3:2 p.m.4 views

GO-2025-4061 Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server

Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

5.3CVSS6.6AI score0.0092EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/29 10:52 p.m.8 views

CVE-2025-54548 On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)

On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...

4.3CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/10/24 9:16 p.m.22 views

CVE-2025-34293

GN4 Publishing System before 2.6 is affected by an insecure direct object reference (IDOR) via the API. Authenticated requests to object endpoints allow an authenticated user to query arbitrary user IDs and retrieve sensitive data, including stored passwords and the account’s security question/an...

8.6CVSS6.4AI score0.0038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.7 views

PT-2025-43674

Name of the Vulnerable Software and Affected Versions GN4 Publishing System versions prior to 2.6 Description GN4 Publishing System contains an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API’s object endpoints allow an authenticated user to...

8.6CVSS6.5AI score0.0038EPSS
Exploits0References10
NVD
NVD
added 2025/10/16 6:15 p.m.6 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS0.00365EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/07 12:21 p.m.2 views

CVE-2025-40676 Múltiples vulnerabilidades en Negotiator de BBMRI-ERIC

Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

5.3CVSS6.4AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-26244

Malware in sbrugna...

4.3CVSS4.5AI score0.01007EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-0263

Malware in sbrugna...

4CVSS6.3AI score0.0185EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18350

Malware in sbrugna...

3.5CVSS4.8AI score0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-17038

Malware in sbrugna...

7.5CVSS7.5AI score0.01671EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-4207

Malware in sbrugna...

4.3CVSS4.8AI score0.01196EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19515

Malware in sbrugna...

8.8CVSS7AI score0.01803EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-38837

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00698EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-56164

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00471EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-43136

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00504EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2025-28981

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00234EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7155

Malicious code in bioql PyPI...

5.5CVSS5.1AI score0.00276EPSS
Exploits1References5
Rows per page
Query Builder