Lucene search
K

189 matches found

Nuclei
Nuclei
added yesterday5 views

YMC Filter WordPress - Unauthenticated Post Disclosure

YMC Filter WordPress plugin 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content, exploit requires no authentication. id: CVE-2026-10823...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago12 views

PT-2026-52664

Name of the Vulnerable Software and Affected Versions YMC Filter WordPress plugin versions prior to 3.11.3 Description An issue exists where the software fails to properly authorize access to a REST API endpoint and does not validate a user-supplied query parameter. This allows unauthenticated...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/22 9:4 p.m.6 views

EUVD-2026-38373

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/11 8:26 p.m.8 views

DevGuard has improper authorization on public assets

Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/23 8:12 a.m.17 views

CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/23 1:27 a.m.15 views

SUSE CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

8.1CVSS5.8AI score0.0044EPSS
Exploits0References18
EUVD
EUVD
added 2026/05/22 7:50 a.m.10 views

EUVD-2026-31419

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/22 7:50 a.m.33 views

CVE-2026-9011 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00447EPSS
Exploits0References8
CVE
CVE
added 2026/05/22 7:50 a.m.22 views

CVE-2026-9011

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.8AI score0.00447EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.9 views

Unlocking Apple's Private Cloud Compute: An Analysis of Privacy-Preserving Artificial Intelligence

Many existing Artificial Intelligence AI solutions on mobile devices rely on an extensive collection of sensitive data, raising privacy concerns and often requiring storage for both context and model improvement. Apple's Private Cloud Compute PCC aims to address this by emphasizing mobile device...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42740

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References9
Nuclei
Nuclei
added 2026/04/23 11:14 a.m.9 views

Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure

The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint wpajaxnoprivalmgetposts allows unauthenticated users to access non-public posts draft, private, pending, future, tras...

5.3CVSS5.7AI score0.00661EPSS
Exploits0References1
CVE
CVE
added 2026/04/17 4:2 p.m.27 views

CVE-2026-40516

Technical details about CVE-2026-40516 are not publicly available in the provided Connected documents; the description exists but without explicit vendor/product/versions in this set. Monitor for updates.

8.3CVSS5.8AI score0.0018EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.3 views

SUSE CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References3
NVD
NVD
added 2026/03/26 9:17 p.m.3 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

5.5CVSS0.00249EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 7:32 p.m.3 views

GHSA-XQQ2-4J46-VWP7 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

Summary PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3 scheduler sends an outbound HTTP POST to that URL when the task reaches a terminal state. ...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References5
CVE
CVE
added 2026/03/23 9:37 p.m.19 views

CVE-2026-32299

CVE-2026-32299 is linked to a GitHub Advisory for Connect CMS describing an improper authorization vulnerability in the page content retrieval feature. The issue could allow a third party to access contents and attachments of non-public pages due to insufficient authorization checks. Affected sof...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 9:37 p.m.4 views

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder