Lucene search
K

4428 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.18 views

PT-2026-41861

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS5.9AI score0.00352EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.3 views

@antv/l7 (>=2.10.0 <=2.25.10), @antv/l7-component (>=2.21.4 <=2.25.10) +7 more potentially affected by unknown CVE via @antv/l7-map (>=2.10.0 <=2.25.9)

@antv/l7-map NPM version =2.10.0, =2.10.0, =2.21.4, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7MAP-16754443...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.5 views

@antv/l7 (=2.0.0-beta.5), @antv/l7-draw (>=2.1.13 <=2.1.14) +4 more potentially affected by unknown CVE via @antv/l7 (>=2.0.0-beta.4 <=2.25.9)

@antv/l7 NPM version =2.0.0-beta.4, =2.1.13, =2.1.13, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7-16755105...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.9 views

@glorysoft/mcs_tool (>=0.0.25 <=0.0.28), @ithinkdt/lowcode (>=4.0.0 <=4.0.5) +15 more potentially affected by unknown CVE via @antv/x6 (=3.1.7)

@antv/x6 NPM version =3.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6 and may be impacted: - @glorysoft/mcstool =0.0.25, =4.0.0, =2.0.0, =0.7.0, =0.7.0, =0.14.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.1.7 and more Source cves: unknown CVE...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-draw (>=2.1.13 <=2.1.14) +6 more potentially affected by unknown CVE via @antv/l7-renderer (>=2.10.0 <=2.25.9)

@antv/l7-renderer NPM version =2.10.0, =2.1.13, =2.1.13, =2.10.0, =2.1.13, =2.1.13, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7RENDERER-16754403...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/05/18 5:42 p.m.9 views

Improper Privilege Management

Overview @budibase/frontend-core is a Budibase frontend core libraries used in builder and client Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted...

8.8CVSS5.8AI score0.00261EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 5:42 p.m.5 views

@budibase/client (>=3.0.0 <=3.2.26), @budibase/server (>=3.0.0 <=3.2.26) potentially affected by CVE-2026-45716 via @budibase/frontend-core (>=3.0.0 <=3.2.7)

@budibase/frontend-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-45716 Source advisory: SNYK:JS-BUDIBASEFRONTENDCORE-16759691...

8.8CVSS5.4AI score0.00261EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 2026/05/18 4:40 p.m.15 views

TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-009...

6.9CVSS5.8AI score0.00352EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/18 12:31 a.m.6 views

GHSA-CVWM-VWHP-22JX org.linlinjava:litemall-wx-api has an Injection issue

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote...

7.3CVSS6.7AI score0.00259EPSS
Exploits0References6
CVE
CVE
added 2026/05/17 11:30 p.m.19 views

CVE-2026-8771

The vulnerability CVE-2026-8771 affects linlinjava litemall up to v1.8.0, specifically the Front-end WeChat API component WxGoodsController.java (WxGoodsController). A SQL injection can be triggered by manipulating the function list, with remote exploitation possible and the exploit publicly rele...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.11 views

PT-2026-41590

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/05/15 7:17 p.m.17 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS0.00265EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 6:44 p.m.16 views

CVE-2026-45800

Summary: CVE-2026-45800 affects the Vvveb CMS prior to version 1.0.8.3. The vulnerability is an authenticated SQL injection in the frontend order history page (/user/orders). The order_by and direction parameters are taken from the URL, propagated through the Orders component, and directly concat...

8.7CVSS5.9AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:44 p.m.10 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS5.9AI score0.00265EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/15 6:44 p.m.10 views

EUVD-2026-30582

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS5.9AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 6:42 p.m.15 views

CVE-2026-45622

Vvveb CMS (version prior to 1.0.8.3) is affected by an unauthenticated reflected XSS in the public product return form. The issue arises from inserting the customer_order_id into the error message without HTML escaping, allowing attacker-controlled HTML/JavaScript to execute in the submitting use...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/15 10:31 a.m.13 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/15 9:16 a.m.13 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS0.00325EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.53 views

CVE-2026-6228 Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS0.00325EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.7 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References6
Rows per page
Query Builder