Lucene search
K

4429 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35880

Name of the Vulnerable Software and Affected Versions weDevs WP User Frontend versions prior to 4.3.2 Description A missing authorization issue exists due to incorrectly configured access control security levels. Recommendations Update to a version newer than 4.3.1...

6.5CVSS5.2AI score0.00195EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.5 views

PT-2026-35910

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend rewrite' function's 'WPMETEORNWPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping...

6.1CVSS5.5AI score0.00215EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/27 1:50 p.m.5 views

WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin WP User Frontend versions = 4.3.1...

6.5CVSS5.1AI score0.00195EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/04/24 10:19 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS through the query process. An attacker can exhaust system memory and impact service availability by submitting queries with excessively large limits. Workaround This vulnerability can be mitigated by setting...

8.7CVSS5.8AI score0.00645EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 9:31 p.m.3 views

EUVD-2026-22860

The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...

7.2CVSS5.7AI score0.00411EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/04/22 12:0 a.m.6 views

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References4
OSV
OSV
added 2026/04/22 12:0 a.m.4 views

UBUNTU-CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

9.8CVSS5.6AI score0.00498EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.8 views

CVE-2026-2505

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'ztaxonomyimage' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...

5.4CVSS5.9AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/20 3:15 a.m.4 views

CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting

A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...

5.1CVSS3.9AI score0.00195EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 3:15 a.m.17 views

CVE-2026-6600

The CVE affects langflow-ai langflow up to version 1.8.3, targeting the Frontend React component rendering path in src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx. A manipulation can lead to cross-site scripting (XSS); the attack may be launched remotel...

5.1CVSS3.9AI score0.00195EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/18 9:49 a.m.117 views

Exploit for CVE-2025-13342

CVE-2025-13342 Frontend Admin by DynamiApps = 3.28.20 - Un...

9.8CVSS5.7AI score0.00447EPSS
Exploits2
NVD
NVD
added 2026/04/17 10:16 p.m.5 views

CVE-2026-40304

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

5.3CVSS0.00286EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 9:4 p.m.6 views

CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

5.3CVSS5.7AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 9:4 p.m.11 views

CVE-2026-40304

CVE-2026-40304 affects the zrok controller, where the unaccess handler (controller/unaccess.go) uses a faulty ownership guard. If a frontend record has environment_id = NULL (global admin-created frontends), the guard may short-circuit to false, letting a non-admin with a valid global frontend to...

5.3CVSS5.7AI score0.00286EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

zrok 安全漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the unaccess processor, which could allow non-administrator users to delete the global frontend...

5.3CVSS5.8AI score0.00286EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/16 11:42 p.m.6 views

[SECURITY] Fedora 44 Update: plasma-login-manager-6.6.4-1.fc44

Plasma Login provides a display manager for KDE Plasma and with an new frontend providing a greeter, wallpaper plugin integration and a System Settings module KCM...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.6 views

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
Snyk
Snyk
added 2026/04/16 9:9 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

6CVSS5.7AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 9:9 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

6CVSS5.8AI score0.00286EPSS
Exploits0References3
Rows per page
Query Builder