Lucene search
+L

296 matches found

CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Mega Store Woocommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.0022EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.9 views

WordPress plugin Ecwid by Lightspeed Ecommerce Shopping Cart 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

8.8CVSS5.8AI score0.00272EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 3:4 p.m.5 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

4.3CVSS5.5AI score0.00223EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/10 7:13 p.m.3 views

CVE-2025-48509

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity...

1.8CVSS5.5AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.8 views

PT-2026-7451

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity...

1.8CVSS5.5AI score0.00115EPSS
Exploits0References2
CVE
CVE
added 2026/02/06 6:46 a.m.25 views

CVE-2025-10753

CVE-2025-10753 affects the WordPress plugin WordPress OAuth Single Sign On – SSO (OAuth Client). All versions up to 6.26.14 are vulnerable due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the oauthredirect option parameter, allowi...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.42 views

PT-2026-6677

Name of the Vulnerable Software and Affected Versions OAuth Single Sign On – SSO OAuth Client plugin for WordPress versions prior to 6.26.15 Description The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is susceptible to unauthorized access. This is caused by missing capability...

5.3CVSS5.5AI score0.00334EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.4 views

CVE-2025-47363

Memory corruption when calculating oversized partition sizes without proper checks...

7.8CVSS5.3AI score0.00093EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 3:20 p.m.3 views

CVE-2025-47363

Memory corruption when calculating oversized partition sizes without proper checks...

6.8CVSS5.3AI score0.00093EPSS
Exploits0References2
CVE
CVE
added 2026/01/28 9:35 p.m.21 views

CVE-2026-24888

Maker.js (makerjs.extendObject) is vulnerable to unsafe property copying. The function iterates with for...in without hasOwnProperty() checks and fails to filter dangerous keys, enabling inherited or crafted properties (e.g., proto ) to be copied to targets. This prototype-pollution risk is docum...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/23 2:25 p.m.31 views

CVE-2025-71155 KVM: s390: Fix gmap_helper_zap_one_page() again

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmaphelperzaponepage again A few checks were missing in gmaphelperzaponepage, which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...

0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checks for whether the server is running by unlockfilesystem, potentially leading to...

5.5CVSS6AI score0.00115EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/19 11:21 p.m.26 views

CVE-2025-15466 Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with...

5.4CVSS0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/16 4:44 a.m.3 views

CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

6.5CVSS5.4AI score0.00363EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.11 views

WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00363EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of null pointer checking, which could lead to null pointer dereferencing...

5.5CVSS6.1AI score0.00116EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-13628

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...

4.3CVSS5.3AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 11:21 a.m.29 views

CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

5.4CVSS0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/09 7:22 a.m.4 views

CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...

4.3CVSS4.9AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 6:34 a.m.29 views

CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

5.3CVSS0.0028EPSS
Exploits0References2
Rows per page
Query Builder