Lucene search
K

102 matches found

Cvelist
Cvelist
added 2026/03/21 3:27 a.m.28 views

CVE-2026-2720 Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS0.00231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.1 views

CVE-2026-2720 Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:27 a.m.9 views

CVE-2026-2720

The Hr Press Lite WordPress plugin is vulnerable due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to 1.0.2, allowing authenticated users with Subscriber-level access and above to fetch sensitive employee data (names, emails, phone numbers, salary/pay rat...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.7 views

CVE-2026-2720

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Hr Press Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.4 views

PT-2026-26842

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References6
HackRead
HackRead
added 2026/03/20 9:25 p.m.7 views

Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach

LAPSUS$ claims it breached AstraZeneca, offering alleged source code, credentials, cloud configs, and employee data for sale in leaked samples...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12391

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:19 p.m.3 views

CVE-2026-3021

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 10:11 a.m.29 views

CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:11 a.m.4 views

CVE-2026-3021

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 10:11 a.m.12 views

CVE-2026-3021

CVE-2026-3021 is a NoSQLi in the Wakyma web application, specifically at the endpoint vets.wakyma.com/centro/equipo/empleado. An authenticated user can alter a GET request to inject NoSQL commands, enabling enumeration of sensitive employee data. The entry is scored with a BASE CVSS v4.0 score of...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.2 views

PT-2026-25670

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Wakyma 安全漏洞

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/centro/equipo/empleado. This vulnerability could allow authenticated users to enumerate...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/02/10 8:22 a.m.12 views

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

The Netherlands' Dutch Data Protection Authority AP and the Council for the Judiciary confirmed both agencies Rvdr have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile EPMM, according to a notice se...

9.8CVSS9AI score0.8404EPSS
Exploits6
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.27 views

CVE-2025-13990 Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation

The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...

4.3CVSS0.00149EPSS
Exploits0References7
HackRead
HackRead
added 2025/12/11 10:27 a.m.4 views

Top 10 Data Anonymization Solutions for 2026

Every business today has to deal with private information – whether it is about customers, employees, or financial…...

6.8AI score
Exploits0
CVE
CVE
added 2025/11/04 4:27 a.m.25 views

CVE-2025-11758

CVE-2025-11758 : All in One Time Clock Lite (WordPress)

6.5CVSS5AI score0.00249EPSS
Exploits0References5
HackRead
HackRead
added 2025/10/30 10:56 p.m.6 views

Akira Ransomware Claims It Stole 23GB from Apache OpenOffice

The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified...

7AI score
Exploits0
HackRead
HackRead
added 2025/10/26 7:28 p.m.6 views

Everest Ransomware Says It Stole 1.5M Dublin Airport Passenger Records

Everest ransomware group claims to have stolen 1.5 million passenger records from Dublin Airport and personal data of 18,000 Air Arabia employees in latest breaches...

7AI score
Exploits0
Rows per page
Query Builder