Lucene search
K

823 matches found

CVE
CVE
added 2026/03/18 9:28 a.m.20 views

CVE-2026-1217

The CVE-2026-1217 issue affects the WordPress plugin Yoast Duplicate Post, where a missing capability check in clone_bulk_action_handler() and republish_request() enables authenticated attackers (Contributor level and above) to duplicate any post, including private/draft/trashed posts. Additional...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/18 2:29 a.m.7 views

WordPress Yoast Duplicate Post plugin <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability

Authenticated Contributor+ Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability discovered by johska in WordPress Plugin Duplicate Post versions = 4.5...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/11 7:36 a.m.36 views

CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS0.00193EPSS
Exploits0References6
CVE
CVE
added 2026/03/11 7:36 a.m.17 views

CVE-2026-2917

CVE-2026-2917 (Happy Addons for Elementor, WordPress) is an Insecure Direct Object Reference vulnerability affecting all versions up to 3.21.0. The root cause is the can_clone() check only enforcing a general capability (current_user_can('edit_posts')) and an action nonce bound to the generic ha_...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/10 11:17 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/06 12:31 a.m.8 views

EUVD-2026-9940

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS6AI score0.00386EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/04 4:36 p.m.2 views

CVE-2026-28782 Craft has a Permission Bypass and IDOR in Duplicate Entry Action

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is...

5.3CVSS6AI score0.00234EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 4:36 p.m.7 views

CVE-2026-28782

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is...

5.3CVSS6AI score0.00234EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 9:5 p.m.9 views

Craft CMS has Permission Bypass and IDOR in Duplicate Entry Action

Description The "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is restricted in the UI, a user can bypass this restriction by sending a direc...

5.3CVSS6AI score0.00234EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.11 views

PT-2026-22951

Name of the Vulnerable Software and Affected Versions Craft versions prior to 5.9.0-beta.1 Craft versions prior to 4.17.0-beta.1 Description Craft is a content management system CMS. A flaw exists where the "Duplicate" entry action does not properly verify user permissions for specific target...

7.1CVSS5.9AI score0.00234EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/25 4:42 a.m.10 views

Security Bulletin: IBM Automation Decision Services for Jan 2026- Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783...

9.4CVSS6.5AI score0.01735EPSS
Exploits2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/18 3:36 p.m.4 views

CVE-2013-0188

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0189, CVE-2013-0191. Reason: this identifier was intended for one issue, but it was inadvertently associated with multiple issues. Notes: All CVE users should consult CVE-2013-0189 and CVE-2013-0191 to determine which ID is appropriate. All...

5CVSS5.6AI score0.23026EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.7 views

CVE-2026-25531

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

5.4CVSS5.5AI score0.00385EPSS
Exploits2References1
NVD
NVD
added 2026/02/13 3:15 p.m.6 views

CVE-2026-25531

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

4.3CVSS0.00223EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/13 3:4 p.m.7 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

4.3CVSS5.5AI score0.00223EPSS
Exploits1References3
OSV
OSV
added 2026/02/13 3:4 p.m.5 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

4.3CVSS5.5AI score0.00223EPSS
Exploits1References5
CVE
CVE
added 2026/02/13 3:4 p.m.16 views

CVE-2026-25531

Kanboard is affected by CVE-2026-25531 due to a missing permission check in the TaskCreationController::duplicateProjects() endpoint. The vulnerability allows an authenticated user to duplicate tasks into projects they should not access, enabling horizontal privilege escalation within Kanboard’s ...

4.3CVSS5.5AI score0.00223EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/13 3:4 p.m.34 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

4.3CVSS0.00223EPSS
Exploits1References3
OSV
OSV
added 2026/01/26 2:49 p.m.6 views

BIT-MOODLE-2025-3635 Moodle: csrf risk in moodle user tours manager allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery CSRF attacks...

3.5CVSS5.8AI score0.00153EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.4 views

CVE-2025-13205

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the...

4.3CVSS5.8AI score0.00127EPSS
Exploits0References3
Rows per page
Query Builder