Lucene search
K

231 matches found

RedhatCVE
RedhatCVE
added 2026/01/15 6:21 a.m.4 views

CVE-2025-14854

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 6:15 a.m.7 views

CVE-2025-14854

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

5.4CVSS0.00222EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/14 5:28 a.m.3 views

CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.1AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2818

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm get email recipients and wpcrm system ajax task change status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers,...

5.4CVSS5.5AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.13 views

CVE-2021-33321

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true...

7.5CVSS7.2AI score0.01422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.9 views

CVE-2025-1714

Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server...

6.9CVSS7AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:1 a.m.6 views

CVE-2025-13313

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

9.8CVSS6AI score0.00495EPSS
Exploits0References1
CVE
CVE
added 2025/12/05 4:29 a.m.23 views

CVE-2025-13313

The CRM Memberships WordPress plugin is vulnerable in versions up to 2.5 due to missing authorization checks on the ntzcrm_changepassword AJAX action and an unauthenticated ntzcrm_get_users endpoint, enabling unauthenticated password resets and enumeration of subscriber emails. This can grant att...

9.8CVSS6AI score0.00495EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49192

Name of the Vulnerable Software and Affected Versions WordPress CRM Memberships plugin versions up to and including 2.5 Description The CRM Memberships plugin for WordPress is susceptible to privilege escalation through a password reset function. The issue stems from a lack of proper authorizatio...

9.8CVSS6.8AI score0.00495EPSS
Exploits0References11
CNVD
CNVD
added 2025/10/21 12:0 a.m.3 views

D-Link Nuclias Connect Observable Response Discrepancy Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...

6.9CVSS7AI score0.00954EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.3 views

CVE-2025-34255

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

6.9CVSS7.2AI score0.00954EPSS
Exploits0References1
NVD
NVD
added 2025/10/16 7:15 p.m.5 views

CVE-2025-34255

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

6.9CVSS0.00954EPSS
Exploits0References3
OSV
OSV
added 2025/10/16 7:15 p.m.5 views

CVE-2025-34255

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

5.3CVSS5.8AI score0.00954EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/10/16 6:52 p.m.6 views

CVE-2025-34255

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

6.9CVSS5.8AI score0.00954EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.5 views

D-Link Nuclias Connect 安全漏洞

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...

6.9CVSS6.9AI score0.00954EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-27313

Malware in sbrugna...

4.3CVSS4.8AI score0.00845EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-0696

Malware in sbrugna...

5CVSS6.4AI score0.01373EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-15687

Malware in sbrugna...

7.5CVSS7.5AI score0.01736EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-1938

Malware in sbrugna...

5.3CVSS5.5AI score0.01301EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-6769

Malware in sbrugna...

5CVSS6.4AI score0.02457EPSS
Exploits1References6
Rows per page
Query Builder