Lucene search
+L

99 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.13 views

PT-2026-42785

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through...

5.8AI score0.00162EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/14 4:5 a.m.13 views

WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity versions = 3.3.6...

5.8AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/08 11:40 p.m.10 views

WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Unauthenticated Information Disclosure vulnerability

Unauthenticated Information Disclosure vulnerability discovered by Ronnachai Chaipha rxnr - Reconix Co., Ltd. in WordPress Plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity versions = 3.3.6...

5.3CVSS5.8AI score0.00449EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.9 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:31 a.m.7 views

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.8AI score0.00545EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 5:16 a.m.10 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS0.00545EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 3:36 a.m.10 views

CVE-2026-4299

CVE-2026-4299 concerns the WordPress plugin MainWP Child Reports (

5.3CVSS5.8AI score0.00545EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 3:36 a.m.4 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

WordPress plugin MainWP Child Reports 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00545EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-23356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drbd: fix LOGIC BUG in drbdalbeginiononblock Even though we check that we should be able to do lcgetcumulative while holding the device-allock spinlock, it may...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References2
CVE
CVE
added 2026/03/17 3:30 p.m.14 views

CVE-2026-28506

The CVE-2026-28506 affects Outline prior to 1.5.0. A logic flaw in the events.list API endpoint’s filtering lets any authenticated user retrieve activity events for documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user’s actual permissions. This resul...

4.3CVSS5.8AI score0.00229EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 3:30 p.m.11 views

CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

4.3CVSS5.8AI score0.00229EPSS
Exploits1References1
OSV
OSV
added 2026/03/17 3:30 p.m.5 views

CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

4.3CVSS5.9AI score0.00229EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/17 3:30 p.m.29 views

CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

4.3CVSS0.00229EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/02/07 12:26 a.m.9 views

SUSE CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3CVSS5.6AI score0.00475EPSS
Exploits1References3
HackRead
HackRead
added 2026/02/06 2:55 p.m.7 views

Flickr Notifies Users of Data Breach After External Partner Security Flaw

Flickr says a third-party email vendor flaw may have exposed user names, emails, IP data, and activity logs,…...

5.4AI score
Exploits0
OSV
OSV
added 2026/02/03 8:37 p.m.6 views

GO-2026-4329 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings...

8.3CVSS5.3AI score0.00475EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/20 4:30 p.m.7 views

EUVD-2026-3295

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered...

8.3CVSS5.4AI score0.00475EPSS
Exploits1References6
OSV
OSV
added 2026/01/20 4:30 p.m.7 views

GHSA-2497-GP99-2M74 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References7
NVD
NVD
added 2026/01/19 8:15 p.m.10 views

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3CVSS0.00475EPSS
Exploits1References3
Rows per page
Query Builder