Lucene search
+L

70 matches found

Vulnrichment
Vulnrichment
added 2026/02/18 11:26 a.m.3 views

CVE-2025-14799 Brevo - Email, SMS, Web Push, Chat, and more. <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling

The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison == instead of strict comparison === when validating the installation ID in the...

6.5CVSS5.5AI score0.00463EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 7:25 a.m.3 views

CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

5.3CVSS5.5AI score0.00307EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 7:25 a.m.39 views

CVE-2026-1938

The YayMail – WooCommerce Email Customizer for WordPress is affected by CVE-2026-1938: versions up to 4.3.2 expose the REST endpoint /yaymail-license/v1/license/delete without proper authorization, enabling authenticated attackers (Shop Manager level and higher) to delete the plugin license key i...

5.3CVSS5.5AI score0.00307EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/18 12:29 a.m.8 views

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability

Missing Authorization to Authenticated Shop Manager+ License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

5.3CVSS5.5AI score0.00307EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : cloud-init-19.4-1.el8.7 (AXSA:2020-635:05)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-635:05 advisory. cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 The default cloud-init configuration, in cloud-init 0.6.2 and newer,...

7.1CVSS7.8AI score0.00354EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-1589

Name of the Vulnerable Software and Affected Versions Moosend Landing Pages plugin for WordPress versions through 1.1.6 Description The Moosend Landing Pages plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the moosend...

5.3CVSS6.4AI score0.00277EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/12 7:27 a.m.3 views

CVE-2025-12113 Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion

The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgaideleteapikey function in all versions up to, and including, 1.8.3. This makes it possible for authenticated...

4.3CVSS4.7AI score0.00178EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/12 7:27 a.m.9 views

CVE-2025-12113 Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion

The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgaideleteapikey function in all versions up to, and including, 1.8.3. This makes it possible for authenticated...

4.3CVSS0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-16649

Malware in sbrugna...

5.5CVSS5.5AI score0.01247EPSS
Exploits5References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-0217

Malware in sbrugna...

1.8CVSS8.5AI score0.01498EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-411488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-411488 advisory. In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154llseckeydel mac802154llseckeydel can free...

7.8CVSS6AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-49341

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00346EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-49735

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00386EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1815

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01157EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:37 a.m.11 views

CVE-2024-8675

The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettredisconnectgateway function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.9AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.4 views

PT-2025-6472 · Kaspersky · Kaspersky Security Cloud +11

Name of the Vulnerable Software and Affected Versions: Kaspersky Virus Removal Tool for Windows affected versions not specified Kaspersky Endpoint Security for Windows affected versions not specified Kaspersky Security for Virtualization Light Agent affected versions not specified Kaspersky...

4.6CVSS7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/11/26 12:55 a.m.10 views

kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del

A flaw was found in the Linux Kernel where resources are improperly managed in IEEE 802.15.4 networking, leading to a potential use-after-free issue, resulting in a denial of service...

7.8CVSS7.2AI score0.00239EPSS
Exploits0References5
Veracode
Veracode
added 2024/11/14 6:33 a.m.7 views

Authentication Bypass

OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to inadequate session handling in OctoPrint, which allows an attacker with temporary control over an authenticated session to access or delete the API key without requiring reauthentication...

6.5CVSS6.5AI score0.00282EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/25 6:15 a.m.4 views

CVE-2024-9109

The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteoauthdata function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.00386EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/05/13 7:0 a.m.4 views

mac802154: fix llsec key resources release in mac802154_llsec_key_del

...

7.8CVSS6.8AI score0.00239EPSS
Exploits0
Rows per page
Query Builder