Lucene search
K

357 matches found

RedhatCVE
RedhatCVE
added 2026/01/17 10:1 a.m.6 views

CVE-2025-14844

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcpstripecreatesetupintentforsavedcard' function due to missing capability check. Additionally, the plugin does not check a user-controlled...

8.2CVSS5.7AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2026/01/16 10:16 a.m.4 views

CVE-2025-14844

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcpstripecreatesetupintentforsavedcard' function due to missing capability check. Additionally, the plugin does not check a user-controlled...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/16 9:23 a.m.29 views

CVE-2025-14844 Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcpstripecreatesetupintentforsavedcard' function due to missing capability check. Additionally, the plugin does not check a user-controlled...

8.2CVSS0.00419EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/16 9:23 a.m.4 views

CVE-2025-14844 Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcpstripecreatesetupintentforsavedcard' function due to missing capability check. Additionally, the plugin does not check a user-controlled...

8.2CVSS5.3AI score0.00419EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

WordPress plugin “Membership Plugin” – Security vulnerability regarding content restriction

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.2CVSS5.8AI score0.00419EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/15 6:16 p.m.16 views

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.5AI score0.00306EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/14 6:16 p.m.26 views

CVE-2026-23477 Rocket.Chat Unauthorized Access to OAuth App Details

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS0.00306EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/14 6:16 p.m.4 views

CVE-2026-23477 Rocket.Chat Unauthorized Access to OAuth App Details

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.1AI score0.00306EPSS
Exploits1References1
OSV
OSV
added 2026/01/14 6:16 p.m.9 views

CVE-2026-23477 Rocket.Chat Unauthorized Access to OAuth App Details

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.4AI score0.00306EPSS
Exploits1References3
CVE
CVE
added 2026/01/14 6:16 p.m.32 views

CVE-2026-23477

Rocket.Chat versions up to 6.12.0 expose the GET /api/v1/oauth-apps.get endpoint to any authenticated user, allowing retrieval of OAuth app details (including client_id and client_secret) if the user knows the ID. This constitutes a disclosure vulnerability with impact on confidentiality. The iss...

7.7CVSS6.1AI score0.00306EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.14 views

PT-2026-2940

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.5AI score0.00306EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.14 views

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

7.5CVSS6.3AI score0.02016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.4 views

CVE-2025-12540 ShareThis Dashboard for Google Analytics <= 3.2.4 - Unauthenticated Google Analytics Data Exposure

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics clientID and clientsecret being stored in plaintext in the publicly visible plugin source. This can...

4.7CVSS5.8AI score0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 6:35 a.m.3 views

CVE-2025-12139 File Manager for Google Drive – Integrate Google Drive with WordPress <= 1.5.3 - Unauthenticated Sensitive Information Exposure

The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "getlocalizedata" function. This makes it possible for unauthenticated attackers to extract sensitive...

7.5CVSS5.3AI score0.02362EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/05 6:35 a.m.248 views

CVE-2025-12139 File Manager for Google Drive – Integrate Google Drive with WordPress <= 1.5.3 - Unauthenticated Sensitive Information Exposure

The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "getlocalizedata" function. This makes it possible for unauthenticated attackers to extract sensitive...

7.5CVSS0.02362EPSS
Exploits0References5
CVE
CVE
added 2025/11/05 6:35 a.m.34 views

CVE-2025-12139

The CVE-2025-12139 vulnerability affects the File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress. The issue, present in all versions up to 1.5.3, stems from improper protection of the get_localize_data function and enables unauthenticated attackers to exfilt...

7.5CVSS5.3AI score0.02362EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-11889

Malware in sbrugna...

9.8CVSS9.4AI score0.01808EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0426

Malware in sbrugna...

7.5CVSS7.4AI score0.02016EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.12 views

CVE-2025-59406

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected,...

6.2CVSS6.9AI score0.00159EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1374

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00397EPSS
Exploits0References3
Rows per page
Query Builder