Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

Patchstack
Patchstackadded 2026/02/04 10:53 p.m.4 views

WordPress ProfileGrid plugin <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Profile and Cover Image Modification vulnerability discovered by knani alaaeddine iwd in WordPress Plugin ProfileGrid versions = 5.9.7.2...

5.3CVSS5.4AI score0.00016EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2018-18402

Malware in sbrugna...

5.4CVSS5.5AI score0.00181EPSS
Exploits4References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-28233

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00165EPSS
Exploits1References1
CVE
CVEadded 2025/02/12 1:29 p.m.50 views

CVE-2025-26362

CVE-2025-26362 describes a CWE-306 issue in Q-Free MaxTime: the vulnerability exists in the maxprofile/setup/routes.lua function, affecting MaxTime versions 2.11.0 and earlier. An unauthenticated remote attacker can craft HTTP requests to set an arbitrary authentication profile on the server. Thi...

7.5CVSS7.9AI score0.00569EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2024/11/21 10:36 p.m.1 views

WordPress Ultimate Member plugin <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary User Profile Picture Update vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions = 2.8.9...

4.3CVSS7AI score0.00073EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2024/02/13 12:0 a.m.16 views

CVE-2023-52060

A Cross-Site Request Forgery CSRF in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...

6.7AI score0.00117EPSS
Exploits1References2
Cvelist
Cvelistadded 2022/05/16 2:30 p.m.15 views

CVE-2022-1349 WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

5AI score0.00204EPSS
Exploits1References1
Patchstack
Patchstackadded 2022/04/21 12:0 a.m.23 views

WordPress WPQA - Builder forms Addon plugin < 5.2 - Arbitrary Profile Picture Deletion via IDOR vulnerability

Arbitrary Profile Picture Deletion via IDOR vulnerability discovered by Binit Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...

4.3CVSS4.1AI score0.00204EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2018/02/07 9:29 p.m.10 views

CVE-2018-6655

PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field...

5.4CVSS5.4AI score0.00181EPSS
Exploits4References1
Prion
Prionadded 2012/11/15 11:58 a.m.7 views

Design/Logic Flaw

The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue...

3.5CVSS6.7AI score0.01022EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder