231 matches found
CVE-2025-14854
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...
CVE-2025-14854
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...
CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...
PT-2026-2818
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm get email recipients and wpcrm system ajax task change status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers,...
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true...
CVE-2025-1714
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server...
CVE-2025-13313
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...
CVE-2025-13313
The CRM Memberships WordPress plugin is vulnerable in versions up to 2.5 due to missing authorization checks on the ntzcrm_changepassword AJAX action and an unauthenticated ntzcrm_get_users endpoint, enabling unauthenticated password resets and enumeration of subscriber emails. This can grant att...
PT-2025-49192
Name of the Vulnerable Software and Affected Versions WordPress CRM Memberships plugin versions up to and including 2.5 Description The CRM Memberships plugin for WordPress is susceptible to privilege escalation through a password reset function. The issue stems from a lack of proper authorizatio...
D-Link Nuclias Connect Observable Response Discrepancy Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
D-Link Nuclias Connect 安全漏洞
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...
EUVD-2021-27313
Malware in sbrugna...
EUVD-2005-0696
Malware in sbrugna...
EUVD-2019-15687
Malware in sbrugna...
EUVD-2018-1938
Malware in sbrugna...
EUVD-2013-6769
Malware in sbrugna...