3979 matches found

CNNVD
added 2025/10/22 12:0 a.m. | 4 views

WordPress plugin extendons-registration-fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8 | AI score 6.7 | EPSS 0.00356
Exploits: 0 | References: 1
GitLab Advisory Database
added 2025/10/22 12:0 a.m. | 7 views

Duplicate

This advisory duplicates another...

AI score 5.9
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/10/22 12:0 a.m. | 2 views

PT-2025-43153

Name of the Vulnerable Software and Affected Versions: Progress Planner versions prior to 1.8.1. Description: An incorrect privilege assignment exists in Progress Planner, potentially allowing privilege escalation. Recommendations: Update Progress Planner to version 1.8.1 or later...

CVSS 8.8 | AI score 6.7 | EPSS 0.00439
Exploits: 0 | References: 4
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin woocommerce-wholesale-prices security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.2 | AI score 6.7 | EPSS 0.00368
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin Voice Feedback security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 | AI score 6.7 | EPSS 0.00346
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin SUMO Memberships for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8 | AI score 6.7 | EPSS 0.00356
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

Admidio SQL injection vulnerability

Admidio is an open source member management system from the Admidio team. The system supports features such as member lists, event management, guestbooks, photo albums and downloads. A SQL injection vulnerability exists in Admidio versions prior to 4.3.17, which stems from a SQL injection in the...

CVSS 7.2 | AI score 7.4 | EPSS 0.00395
Exploits: 1 | References: 3
CNNVD
added 2025/10/22 12:0 a.m. | 6 views

WordPress plugin Progress Planner security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 8.8 | AI score 6.7 | EPSS 0.00439
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 6 views

WordPress plugin Dokan security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 7.2 | AI score 6.7 | EPSS 0.00394
Exploits: 0 | References: 1
GitLab Advisory Database
added 2025/10/22 12:0 a.m. | 8 views

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role, such as an administrator, can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a...

CVSS 7.2 | AI score 8.2 | EPSS 0.00395
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/10/16 3:19 p.m. | 4 views

CVE-2025-62401

An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment...

CVSS 5.4 | AI score 7 | EPSS 0.00204
Exploits: 0 | References: 2
Snyk
added 2025/10/14 12:31 a.m. | 4 views

Incorrect Permission Assignment for Critical Resource

Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the Menu Display Widget process. An attacker can access sensitive information by viewing content that should be restricted to authorized users. Remediation: Upgrade...

CVSS 6.5 | AI score 6.5 | EPSS 0.00245
Exploits: 0 | References: 2
Snyk
added 2025/10/13 9:31 p.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview: com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...

CVSS 5.3 | AI score 6.9 | EPSS 0.00243
Exploits: 0 | References: 2
OSV
added 2025/10/13 9:31 p.m. | 5 views

GHSA-PFWQ-MR9G-GQ6M: Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

CVSS 5.3 | AI score 6.9 | EPSS 0.00243
Exploits: 0 | References: 6
GitHub Security Blog
added 2025/10/13 9:31 p.m. | 9 views

Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

CVSS 5.3 | AI score 6.9 | EPSS 0.00243
Exploits: 0 | References: 6 | Affected Software: 1
Vulnrichment
added 2025/10/13 8:42 p.m. | 3 views

CVE-2025-62252

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

CVSS 5.3 | AI score 6.4 | EPSS 0.00243
Exploits: 0 | References: 1
Cvelist
added 2025/10/13 8:42 p.m. | 9 views

CVE-2025-62252

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

CVSS 5.3 | EPSS 0.00243
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/13 12:0 a.m. | 7 views

PT-2025-41811

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay Portal 7.4 GA through update 92. Description: An Insecure Direct Object Reference (IDOR) iss...

CVSS 5.3 | AI score 6.4 | EPSS 0.00243
Exploits: 0 | References: 6
CNNVD
added 2025/10/13 12:0 a.m. | 7 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.3 | AI score 6.5 | EPSS 0.00243
Exploits: 0 | References: 2
RedhatCVE
added 2025/10/11 8:7 p.m. | 14 views

CVE-2025-62158

Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...

CVSS 6.9 | AI score 6.6 | EPSS 0.00272
Exploits: 0 | References: 1