82 matches found

NVD
added yesterday, 4 views

CVE-2026-57689

Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions...

4.3 CVSS
Exploits: 0, References: 1

NVD
added yesterday, 4 views

CVE-2026-57690

Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions...

4.3 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 11 views

CVE-2026-57689

The CVE-2026-57689 entry concerns the WordPress Werkstatt theme (versions up to 4.7.2) with a Broken Access Control flaw. Affected component: Werkstatt WordPress theme; root cause: broken access control mechanisms in version <= 4.7.2. Impact: unauthorized access to restricted functionality, as...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

Patchstack
added 4 days ago, 7 views

WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Werkstatt versions <= 4.7.2...

4.3 CVSS, 5.8 AI score
Exploits: 0, Affected Software: 1

EUVD
added 2026/06/15 8:18 p.m., 6 views

EUVD-2026-36828

Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...

6.5 CVSS, 5.1 AI score, 0.00161 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/28 6:0 a.m., 32 views

CVE-2026-7862 Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

0.00215 EPSS
Exploits: 0, References: 1

Microsoft Security Update
added 2026/05/12 5:0 p.m., 18 views

2026-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 (KB5088864)

2026-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 KB5088864...

5.8 AI score
Exploits: 0

Microsoft KB
added 2026/05/12 12:0 a.m., 18 views

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5088860)

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB5088860 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...

7.3 CVSS, 5.9 AI score, 0.00662 EPSS
Exploits: 0

NVD
added 2026/03/24 7:16 p.m., 2 views

CVE-2026-33417

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...

7.1 CVSS, 0.00264 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/03/24 6:1 p.m., 4 views

CVE-2026-33417 Wallos: Password Reset Tokens Never Expire

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...

6.5 CVSS, 5.7 AI score, 0.00264 EPSS
Exploits: 1, References: 2

Cvelist
added 2026/03/19 8:35 a.m., 24 views

CVE-2026-25442 WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha kentha allows Reflected XSS. This issue affects Kentha: from n/a through <= 4.7.2...

7.1 CVSS, 0.00149 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/03/19 12:0 a.m., 11 views

PT-2026-26274

CVE-2026-25442 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha allows Reflected XSS. This issue affects Kent… https://t.co/axHDzJndSj...

7.1 CVSS, 5.8 AI score, 0.00149 EPSS
Exploits: 0, References: 3

EUVD
added 2026/01/29 9:49 p.m., 5 views

EUVD-2026-4942

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

7.6 CVSS, 6 AI score, 0.00566 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/01/29 12:0 a.m., 8 views

PT-2026-5367

Name of the Vulnerable Software and Affected Versions Runtipi versions 4.5.0 through 4.7.1 Description Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal vulnerability exists in the UserConfigController. This allows a remote user to overwrite the system's...

7.6 CVSS, 6 AI score, 0.00566 EPSS
Exploits: 1, References: 7

NVD
added 2026/01/28 12:15 p.m., 14 views

CVE-2026-0483

Stored Cross-Site Scripting XSS vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link...

6.9 CVSS, 0.00243 EPSS
Exploits: 0, References: 1

Patchstack
added 2025/12/31 12:0 a.m., 9 views

WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions < 4.7.2...

4.8 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits: 1, References: 1, Affected Software: 1

Microsoft Security Update
added 2025/10/14 5:0 p.m., 10 views

2025-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 (KB5066738)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

6.7 AI score
Exploits: 0

Microsoft KB
added 2025/09/09 12:0 a.m., 14 views

September 9, 2025-KB5065955 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019

September 9, 2025-KB5065955 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: September 9, 2025 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and...

6.6 AI score
Exploits: 0

Microsoft KB
added 2025/07/08 12:0 a.m., 11 views

July 8, 2025-KB5062152 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019

July 8, 2025-KB5062152 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: July 8, 2025 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8 for...

6.6 AI score
Exploits: 0

RedhatCVE
added 2025/05/22 6:34 p.m., 6 views

CVE-2021-32742

Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the Data.init(base32Encoded:) function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently...

9.1 CVSS, 6.8 AI score, 0.01199 EPSS
Exploits: 0, References: 1