Lucene search
K

20 matches found

Cvelist
Cvelist
added 2026/07/02 6:0 a.m.40 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 6:0 a.m.16 views

CVE-2026-11781

The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 7:50 a.m.37 views

CVE-2026-9011 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00447EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 9:37 p.m.4 views

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/17 4:16 a.m.5 views

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...

5.3CVSS0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 3:36 a.m.4 views

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 3:36 a.m.37 views

CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...

5.3CVSS0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/01/24 2:2 a.m.28 views

CVE-2026-24422

Summary: CVE-2026-24422 affects phpMyFAQ prior to 4.0.17, where public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() uses Question::getAll() with showAll=true by default, returning non-public records (isVisible=f...

7.5CVSS5.5AI score0.00375EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/01/24 2:2 a.m.3 views

CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...

5.3CVSS5.7AI score0.00375EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/24 2:2 a.m.4 views

CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...

5.3CVSS5.8AI score0.00375EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/24 2:2 a.m.34 views

CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...

5.3CVSS0.00375EPSS
Exploits1References1
OSV
OSV
added 2025/06/26 6:15 a.m.7 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS5.7AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2025/06/26 6:15 a.m.6 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS0.00206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/26 6:4 a.m.4 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS7AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/26 6:4 a.m.22 views

CVE-2025-41404

Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...

5.3CVSS0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

iroha Board 安全漏洞

iroha Board is an e-learning system from iroha Japan. A security vulnerability exists in iroha Board v0.10.12 and earlier versions, which stems from a direct request issue that could allow an attacker to view non-public content...

5.3CVSS4.6AI score0.00206EPSS
Exploits0References2
NCSC
NCSC
added 2021/12/16 12:0 a.m.2 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. The vulnerabilities potentially allow a malicious party to view non-public wiki content or modify the content of a wiki. MediaWiki has released updates to address the vulnerabilities. fix. More information can be found on the page below:...

7.5CVSS6.7AI score0.0135EPSS
Exploits0
CNVD
CNVD
added 2020/02/14 12:0 a.m.3 views

Opencast License Issues Vulnerabilities

Opencast is a free and open source video management solution that is scalable, customizable and low cost. An authorization issue vulnerability exists in Opencast versions prior to 7.6 and prior to 8.1. The vulnerability stems from a lack of authentication measures or insufficient authentication...

10CVSS6.9AI score0.01293EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2018/12/04 6:52 a.m.1 views

Quora Gets Hacked – 100 Million Users Data Stolen

The World's most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday...

6.7AI score
Exploits0
Rows per page
Query Builder