Lucene search
K

435 matches found

CNNVD
CNNVD
added 2025/09/27 12:0 a.m.7 views

CampCodes Online Learning Management System SQL注入漏洞

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file...

9.8CVSS7.8AI score0.00441EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/09/27 12:0 a.m.6 views

PT-2025-39739

Name of the Vulnerable Software and Affected Versions Campcodes Online Learning Management System version 1.0 Description A SQL injection issue exists in Campcodes Online Learning Management System version 1.0. The issue is located in the file /admin/de activate.php and affects an unknown functio...

9.8CVSS7.3AI score0.00441EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.4 views

PT-2025-38145

Name of the Vulnerable Software and Affected Versions: Sydney theme for WordPress versions prior to 2.57 Description: The Sydney theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the activate modules function. This allows authenticated...

5.3CVSS5.7AI score0.00262EPSS
Exploits0References9
OSV
OSV
added 2025/09/15 7:54 a.m.6 views

CLSA-2025-1757922878 kernel: Fix of 4 CVEs

net/sched: Always pass notifications when child class becomes empty CVE-2025-38350 - schcbq: make cbqqlennotify idempotent CVE-2025-38000 - schhtb: make htbqlennotify idempotent CVE-2025-37932 - codel: remove sch-q.qlen check before qdisctreereducebacklog CVE-2025-37798 - schqfq: make...

7.8CVSS6.7AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/11 6:43 a.m.10 views

CVE-2025-8479 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery

The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zohoflowdeactivateplugin function. This makes it possible for unauthenticated attackers to modify typography setting...

4.3CVSS0.00176EPSS
Exploits0References4
CVE
CVE
added 2025/09/11 6:43 a.m.18 views

CVE-2025-8479

CVE-2025-8479: The Zoho Flow WordPress plugin (versions ≤ 2.14.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in zoho_flow_deactivate_plugin. This allows unauthenticated attackers to cause changes to typography settings by tricking an admin into a forged ...

4.3CVSS4.9AI score0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.6 views

PT-2025-37119

The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zoho flow deactivate plugin function. This makes it possible for unauthenticated attackers to modify typography...

4.3CVSS5.2AI score0.00176EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/09 10:6 p.m.11 views

CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens

Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...

5.5CVSS0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.4 views

CVE-2025-0951

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

4.3CVSS6AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/28 3:42 a.m.1 views

CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

4.3CVSS5.4AI score0.00182EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/08/27 11:56 p.m.6 views

WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

Missing Authorization to Authenticated Subscriber+ All Plugins Deactivated vulnerability discovered by Lucio Sá in WordPress Theme Hub versions = 1.2.12...

4.3CVSS7AI score0.00182EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/22 11:31 a.m.7 views

CVE-2025-8102

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...

5.4CVSS6.1AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 11:26 a.m.24 views

CVE-2025-8102

CVE-2025-8102: Easy Digital Downloads for WordPress (versions ≤ 3.5.0) is vulnerable to Cross-Site Forgery via missing nonce checks in edd_sendwp_disconnect and edd_sendwp_remote_install. This CSRF allows unauthenticated attackers to deactivate or trigger activation/deactivation of the SendWP plu...

5.4CVSS6.7AI score0.00151EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/08 4:27 a.m.8 views

CVE-2025-21010

Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account...

6CVSS6.1AI score0.00129EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/08/07 7:0 a.m.5 views

coresight: prevent deactivate active config while enabling the config

...

7.8CVSS7AI score0.00166EPSS
Exploits0
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.4 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Aug-2025 Release 1, which stems from improper privilege management and...

6CVSS6.4AI score0.00129EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/06/05 12:0 a.m.11 views

The vulnerability of the j1939_session_deactivate() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the j1939sessiondeactivate function in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.3AI score0.00226EPSS
Exploits0References12Affected Software9
RedhatCVE
RedhatCVE
added 2025/05/23 9:50 a.m.6 views

CVE-2024-7641

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file deactivateact.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely...

9.8CVSS7.4AI score0.00941EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:3 a.m.7 views

CVE-2023-46188

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...

4.3CVSS8.5AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.6 views

CVE-2023-22687

Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin = 1.9.4.0 versions...

7.5CVSS6.9AI score0.00516EPSS
Exploits0References1
Rows per page
Query Builder