Lucene search
K

1303 matches found

EUVD
EUVD
added 2026/01/28 8:27 p.m.9 views

EUVD-2026-4872

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References1
CVE
CVE
added 2026/01/28 8:27 p.m.27 views

CVE-2026-24766

NocoDB prior to 0.301.0 is affected by a prototype pollution in /api/v2/meta/connection/test. An authenticated user with org-level-creator permissions can trigger pollution that causes all database write operations to fail until the server is restarted. The issue bypasses SUPER_ADMIN checks but c...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/01/27 4:16 p.m.21 views

CVE-2020-36940

Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash...

9.8CVSS0.00245EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/27 3:23 p.m.7 views

EUVD-2020-30858

Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash...

9.8CVSS6.1AI score0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/27 3:23 p.m.20 views

CVE-2020-36940 Easy CD & DVD Cover Creator 4.13 - Denial of Service

Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash...

9.8CVSS6.1AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.5 views

PT-2026-4922

Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash...

9.8CVSS6.1AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.8 views

Easy CD & DVD Cover Creator has a security vulnerability

Easy CD & DVD Cover Creator is a CD/DVD cover creation software developed by Ben Williamson. Version 4.13 of Easy CD & DVD Cover Creator has a security vulnerability; this vulnerability stems from a buffer overflow in the serial number input field, which may cause the application to crash...

9.8CVSS6AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/01/22 6:6 p.m.6 views

GHSA-3V2X-9XCV-2V2V SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Unprivileged users for example, those with the database editor role can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who...

7.5CVSS6AI score
Exploits0References5
Patchstack
Patchstack
added 2026/01/20 10:52 p.m.13 views

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin = 1.1.12 - Missing Authorization to Authenticated Contributor+ Arbitrary Options Update vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Creator LMS versions = 1.1.12...

8.8CVSS5.5AI score0.00271EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/20 3:16 p.m.7 views

CVE-2025-15347

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/20 2:26 p.m.5 views

CVE-2025-15347 Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS5.7AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/01/20 2:26 p.m.17 views

CVE-2025-15347

The Creator LMS WordPress plugin (

8.8CVSS5.7AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/20 2:26 p.m.25 views

CVE-2025-15347 Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS0.00271EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:26 p.m.4 views

CVE-2025-15347

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS5.5AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

WordPress plugin Creator LMS has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

8.8CVSS5.9AI score0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.9 views

PT-2026-3572

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get items permissions check function in all versions up to, and including, 1.1.12...

8.8CVSS5.7AI score0.00271EPSS
Exploits0References3
CNVD
CNVD
added 2026/01/19 12:0 a.m.2 views

WordPress Testimonials Creator plugin cross-site scripting vulnerability

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

4.4CVSS6AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 6:21 a.m.12 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS5.2AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 6:15 a.m.5 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/14 5:28 a.m.27 views

CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS0.00208EPSS
Exploits0References2
Rows per page
Query Builder