Lucene search
+L

19 matches found

cve
cve
added 2026/05/15 6:45 p.m.36 views

CVE-2026-46407

Vvveb CMS contains an IDOR in the backend/admin/auth-token endpoint. An authenticated administrator can load another admin's REST API token list by supplying that user’s admin_id, leading to disclosure of sensitive tokens. The issue is fixed in version 1.0.8.3. No exploitation details are provide...

8.1CVSS5.8AI score0.00218EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/01 12:0 a.m.5 views

PT-2026-29537

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

5.9AI score0.00167EPSS
Exploits0References2
cve
cve
added 2026/01/17 8:24 a.m.27 views

CVE-2025-10484

The CVE-2025-10484 entry concerns the Registration & Login with Mobile Phone Number for WooCommerce plugin (WordPress). Affected versions: all up to and including 1.3.1, where authentication bypass is achieved via the fma_lwp_set_session_php_fun() path, allowing unauthenticated users to impersona...

9.8CVSS5.5AI score0.00401EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/14 12:0 a.m.7 views

Siemens SiPass Integrated 安全漏洞

Siemens SiPass Integrated is a powerful and extremely flexible access control system from Siemens, Germany. A security vulnerability exists in Siemens SiPass Integrated prior to version V3.0, which stems from a key for encrypting passwords that can be accessed by an administrator, potentially...

6.7CVSS6.5AI score0.00127EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-25257

Malicious code in bioql PyPI...

5.4CVSS6.7AI score0.01104EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-16711

Malicious code in bioql PyPI...

4.9CVSS5.2AI score0.0032EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-16481

Malicious code in bioql PyPI...

5.5CVSS6.4AI score0.00404EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/06/11 12:0 a.m.5 views

PT-2025-25181 · WordPress · Wp-Downloadmanager

Name of the Vulnerable Software and Affected Versions: WP-DownloadManager versions 1.68.10 and earlier Description: The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to a lack of restriction on the directory from which a file can be deleted. This allows...

7.2CVSS6.9AI score0.00808EPSS
Exploits0References13
redhatcve
redhatcve
added 2025/05/23 11:39 a.m.6 views

CVE-2025-24399

Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that...

8.8CVSS6.7AI score0.0053EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:45 a.m.9 views

CVE-2024-28288

Ruijie RG-NBR700GW 10.34b12 router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise...

9.8CVSS7.1AI score0.00724EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:43 a.m.13 views

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud Audience claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

8.1CVSS7AI score0.00632EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.4 views

WordPress plugin WP-PManager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.1CVSS7.6AI score0.00263EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/10/05 12:0 a.m.7 views

PT-2024-39463 · WordPress · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.228 Description: The issue is caused by a missing capability check on the update metadata function, allowing unauthenticated attacke...

6.5CVSS7.4AI score0.02131EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2024/05/08 12:0 a.m.5 views

PT-2024-30790 · WordPress · Social Connect

Name of the Vulnerable Software and Affected Versions: Social Connect plugin for WordPress versions up to, and including, 1.2 Description: The issue is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for...

9.8CVSS7.2AI score0.00789EPSS
Exploits0References6
osv
osv
added 2023/10/26 1:15 p.m.8 views

CVE-2020-17477

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory via LDAP search requests. For example, a teacher can gain...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/09/29 12:0 a.m.5 views

PT-2023-27327 · Google · Google Api

Name of the Vulnerable Software and Affected Versions: Modern Events Calendar lite plugin for WordPress versions up to, but not including, 7.1.0 Description: The issue is related to Stored Cross-Site Scripting via Google API key and Calendar ID due to insufficient input sanitization and output...

4.8CVSS5.3AI score0.00319EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2021/02/09 12:0 a.m.15 views

PT-2021-11711 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 2.16.5 Mautic versions prior to 3.2.4 Description: A cross-site scripting XSS issue in the forms component allows remote attackers to inject executable JavaScript via mauticreturn. This could allow an attacker...

9.6CVSS6.2AI score0.02694EPSS
Exploits1References10
cert
cert
added 2002/12/09 12:0 a.m.18 views

Netscape and iPlanet Enterprise Servers fail to sanitize log files before they are displayed using the administration client

Overview IPlanet Enterprise Server and Netscape Enterprise Server versions prior to 4.1. SP12 have a vulnerability involving the rendering of tags embedded in the web logs when viewed through the administration client. Description Requests made to web servers are routinely logged by the web serve...

7.2AI score
Exploits0References2
packetstorm
packetstorm
added 1999/08/17 12:0 a.m.32 views

dpec-course-passwds.txt

Date: Fri, 15 Jan 1999 21:45:24 -0700 From: Joel Knight To: [email protected] Subject: DPEC Online Courseware DPEC's www.dpec.com Online Courseware has a nasty bug in it that allows anyone to change anyone elses password without knowing what their current password is. This is NOT limited to...

7.4AI score
Exploits0
Rows per page
Query Builder