Lucene search
K

820 matches found

Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.8 views

PT-2026-3338

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel booking fetch customer info' AJAX action to unauthenticated users without proper capability checks, relying only on ...

5.3CVSS5.5AI score0.0026EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/15 3:15 p.m.4 views

CVE-2026-22236

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS7.3AI score0.00469EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/14 2:38 p.m.4 views

CVE-2026-22238

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful...

10CVSS5.7AI score0.00644EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/14 2:34 p.m.6 views

CVE-2026-22236 Improper Authentication Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS7AI score0.00469EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/14 2:34 p.m.3 views

CVE-2026-22236

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS5.7AI score0.00469EPSS
Exploits0References2
CVE
CVE
added 2026/01/14 2:34 p.m.14 views

CVE-2026-22236

Technical details about CVE-2026-22236 are not publicly available in the provided documents. The descriptions summarize improper backend API authentication but do not specify affected components, versions, impact specifics, or fixes. Monitor for updates from vendors and security feeds.

10CVSS7AI score0.00469EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.11 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper authentication of the management API, which could lead an attacker to create new users with administrator privileges, which...

10CVSS6.8AI score0.00644EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.7 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...

10CVSS6.7AI score0.00469EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.4 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improperly implemented password storage and exposure through an unauthenticated API, which could lead to an attacker retrieving the...

10CVSS6.9AI score0.03001EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.4 views

CVE-2022-0920

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data...

7.5CVSS6.8AI score0.01431EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.6 views

CVE-2023-49076

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...

6.5CVSS6.8AI score0.00258EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.4 views

CVE-2023-4198

Improper Access Control in Dolibarr ERP CRM = v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...

6.5CVSS6.4AI score0.00555EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.5 views

CVE-2023-4145

Cross-site Scripting XSS - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2...

6.5CVSS5.9AI score0.00538EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/09 7:22 a.m.27 views

CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

5.3CVSS0.00337EPSS
Exploits0References6
CVE
CVE
added 2026/01/09 7:22 a.m.20 views

CVE-2025-14146

CVE-2025-14146 is a Booking Calendar WordPress plugin issue (up to version 10.14.10) where unauthenticated attackers can exfiltrate sensitive booking data via the WPBC_FLEXTIMELINE_NAV AJAX action. The root cause is that nonce verification is conditionally disabled by default because the setting ...

5.3CVSS5.8AI score0.00337EPSS
Exploits0References6
Malwarebytes
Malwarebytes
added 2026/01/07 12:19 p.m.7 views

One million customers on alert as extortion group claims massive Brightspeed data haul

US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information PII, as well as account and billing details...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/07 12:3 p.m.4 views

The Wegman’s Supermarket Chain Is Probably Using Facial Recognition

The New York City Wegman's is collecting biometric information about customers...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.5 views

CVE-2019-7851

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages...

6.5CVSS6.7AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.13 views

CVE-2019-7951

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP reques...

7.5CVSS6.3AI score0.01186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.9 views

CVE-2019-16403

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values such as address, review, orders, etc. can also be manipulated by other customers...

8.8CVSS6.8AI score0.01393EPSS
Exploits1References1
Rows per page
Query Builder