Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 6:46 a.m.10 views

CVE-2026-3896

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/04 8:0 p.m.12 views

Argo has Missing Authorization in its Sync ConfigMap Provider

Summary The Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read, update, delete. Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps...

8.5CVSS6.8AI score0.00515EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of ownership checks at the plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint, whic...

6.3CVSS5.8AI score0.00249EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-6421

Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...

9.8CVSS5.7AI score0.00724EPSS
Exploits1References6
OSV
OSV
added 2020/05/12 6:15 p.m.4 views

CVE-2020-6243

Under certain conditions, SAP Adaptive Server Enterprise XP Server on Windows Platform, versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected...

8.8CVSS7.5AI score0.00881EPSS
Exploits0References2
CNVD
CNVD
added 2015/02/21 12:0 a.m.5 views

Red Hat JBoss Enterprise Application Platform Role Based Access Control Component Security Bypass Vulnerability

Red Hat JBoss Enterprise Application Platform is an open source, J2EE-based middleware platform for building, deploying, and hosting Java applications and services.JBoss Application Server AS, also known as WildFly is an open source JavaEE-based application server; the JacORB subsystem is a...

4CVSS6.9AI score0.0126EPSS
Exploits0References1
Rows per page
Query Builder