Lucene search
K

4429 matches found

CVE
CVE
added 2026/03/25 4:14 p.m.7 views

CVE-2026-24364

CVE-2026-24364 is a Missing Authorization vulnerability in the WordPress plugin WP User Frontend (weDevs) affecting versions up to and including 4.2.5. The issue, identified by a researcher (daroo), arises from incorrectly configured access control security levels. Public advisories from Red Hat,...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

6.5CVSS0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-27851

Name of the Vulnerable Software and Affected Versions weDevs WP User Frontend versions prior to 4.2.5 Description An authorization issue exists in weDevs WP User Frontend. The issue involves exploiting incorrectly configured access control security levels. Recommendations Update weDevs WP User...

6.5CVSS5.9AI score0.00311EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.5 views

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28001

Name of the Vulnerable Software and Affected Versions weDevs WP User Frontend versions prior to 4.2.9 Description An authorization issue exists in weDevs WP User Frontend. Incorrectly configured access control security levels can be exploited. Recommendations Update to a version prior to 4.2.9...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 9:31 p.m.3 views

EUVD-2026-14956

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/24 8:26 p.m.3 views

CVE-2026-23923

A flaw was found in Zabbix. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. This could lead to a limited impact on the availability of the system, depending on the environment setup. Mitigation Mitigation for this issue is eithe...

6.9CVSS5.8AI score0.00285EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 7:16 p.m.3 views

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

6.9CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/24 6:29 p.m.3 views

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 6:29 p.m.16 views

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

6.9CVSS0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:29 p.m.4 views

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/24 6:29 p.m.12 views

CVE-2026-23923

CVE-2026-23923 : An unauthenticated attacker can abuse the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. Impact depends on environment, but appears limited; CVSS 4.0 base vector lists MEDIUM severity (6.9). No concrete exploitation details or affected product/vendor are...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/24 6:29 p.m.2 views

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

6.9CVSS5.6AI score0.00285EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 3:23 p.m.8 views

Malicious code in @abi-labs-frontend/standards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a60eba79d2fd49b58fb2a2073d2b7c87f66c1ad781bc1a6137962f9b5e772449 The package @abi-labs-frontend/standards was found to contain malicious code...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/24 3:23 p.m.3 views

MAL-2026-2329 Malicious code in @abi-labs-frontend/standards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a60eba79d2fd49b58fb2a2073d2b7c87f66c1ad781bc1a6137962f9b5e772449 The package @abi-labs-frontend/standards was found to contain malicious code...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/24 3:2 p.m.18 views

CVE-2026-33334

Summary (CVE-2026-33334): Vikunja Desktop Electron wrapper prior to 2.2.0 enables nodeIntegration in the renderer without contextIsolation or sandbox, turning any web frontend XSS into full remote code execution on the victim’s machine. Affected range: Vikunja 0.21.0 through 2.1.x (up to

9.6CVSS6.4AI score0.00385EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/24 3:2 p.m.7 views

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.3 views

PT-2026-27476

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can exploit the 'validate' action in the Frontend to blindly instantiate arbitrary PHP classes. The impact of this issue depends on t...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References4
Rows per page
Query Builder