Lucene search
K

729 matches found

Vulnrichment
Vulnrichment
added 2026/05/20 9:28 a.m.9 views

CVE-2026-6728 Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 9:28 a.m.29 views

CVE-2026-6728

The CVE concerns the WordPress Slider Revolution plugin (up to version 7.0.9). Affected component: get_stream_data() in sliders/stream, enabling unauthenticated attackers to exfiltrate sensitive content, including published password-protected posts, pages, and products. Root cause: Sensitive Info...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42137

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get stream data' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page,...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 9:16 a.m.11 views

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 8:24 a.m.8 views

CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.8 views

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References4
OSV
OSV
added 2026/05/13 3:33 p.m.5 views

GHSA-FMH9-GPQH-G53G SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode

Summary The advisory GHSA-c77m-r996-jr3q patched getBookmark so that, when invoked by a publish-mode RoleReader, results are filtered through FilterBlocksByPublishAccess to remove entries from password-protected / publish-ignored notebooks. Four sibling search handlers in the same file did not...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.6 views

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40727

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description Broken access control in the publish-mode allows readers to enumerate metadata from documents that are invisible to the publish service. This occurs because certain search handlers do not filter...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/14 11:26 p.m.4 views

CVE-2026-1314 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure

The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sendpostpagesjson function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticat...

5.3CVSS5.8AI score0.00892EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.11 views

CVE-2026-34453

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/01 5:5 p.m.18 views

CVE-2026-34376 PdfDing: Password-protected share bypass via direct serve endpoint

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without...

7.5CVSS0.0037EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 5:5 p.m.7 views

CVE-2026-34376

PdfDing is vulnerable prior to version 1.7.0 due to an access-control flaw that allowed unauthenticated retrieval of password‑protected shared PDFs via the direct file‑serving endpoint without completing the password verification flow. This could expose confidential documents intended to be prote...

7.5CVSS5.7AI score0.0037EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/31 11:30 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the getBookmark function. An attacker can retrieve sensitive content from password-protected documents by sending unauthenticated requests to the /api/bookmark/getBookmark endpoint, which improperly authorize...

8.7CVSS5.9AI score0.01227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/31 9:43 p.m.23 views

CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS0.01227EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 9:43 p.m.5 views

CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:43 p.m.6 views

CVE-2026-34453

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/31 9:43 p.m.9 views

EUVD-2026-17683

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 9:43 p.m.13 views

CVE-2026-34453

SiYuan exposes bookmarked blocks from password-protected documents via the publish service prior to 3.6.2. In publish/read-only mode, /api/bookmark/getBookmark uses FilterBlocksByPublishAccess(nil, ...) and treats a nil context as authorized, skipping the password check and returning content from...

7.5CVSS5.8AI score0.01227EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/30 6:3 p.m.5 views

EUVD-2026-16748

AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification...

5.3CVSS5.9AI score0.00376EPSS
Exploits1References3
Rows per page
Query Builder