Lucene search
K

189 matches found

GithubExploit
GithubExploit
added 2025/06/23 9:8 p.m.396 views

Exploit for CVE-2025-4322

CVE-2025-4322 : Unauthenticated Privilege Escalation via Passw...

9.8CVSS10AI score0.18241EPSS
Exploits3
Amazon
Amazon
added 2025/06/10 12:0 a.m.5 views

Medium: ghostscript

Issue Overview: gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript...

4CVSS7.4AI score0.00276EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.3 views

CVE-2023-47350

Cross-Site Request Forgery CSRF vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality...

8.8CVSS7.5AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:41 p.m.11 views

CVE-2020-0621

A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'...

4.4CVSS7AI score0.00972EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.11 views

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS9.3AI score0.18241EPSS
Exploits3References2
Patchstack
Patchstack
added 2025/05/19 7:44 p.m.8 views

WordPress Motors theme <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover vulnerability

Unauthenticated Privilege Escalation via Password Update/Account Takeover vulnerability discovered by Foxyyy in WordPress Theme Motors versions = 5.6.67...

9.8CVSS7AI score0.18241EPSS
Exploits3References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/05/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-4322

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS5.8AI score0.18241EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/05/06 1:42 a.m.24 views

CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update

The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...

8.8CVSS0.00512EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2025/05/03 10:30 a.m.9 views

Hacking Spree Hits UK Retail Giants

Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/26 9:4 a.m.21 views

CVE-2025-3607

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...

8.8CVSS7.4AI score0.00374EPSS
Exploits0References1
NVD
NVD
added 2025/04/24 9:15 a.m.13 views

CVE-2025-3607

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...

8.8CVSS0.00374EPSS
Exploits0References4
CVE
CVE
added 2025/04/24 8:23 a.m.73 views

CVE-2025-3603

CVE-2025-3603 (Flynax Bridge, WordPress) is an unauthenticated privilege-escalation flaw in the Flynax Bridge plugin, affecting versions up to and including 2.2.0. The root cause is improper validation of a user’s identity before updating user details (e.g., passwords), enabling an unauthenticate...

9.8CVSS9.8AI score0.00463EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/04/24 8:23 a.m.37 views

CVE-2025-3603 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for...

9.8CVSS0.00463EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/24 8:23 a.m.4 views

CVE-2025-3603 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for...

9.8CVSS7.5AI score0.00463EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/24 8:23 a.m.28 views

CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update

The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...

4.2CVSS0.00185EPSS
Exploits0References2
CVE
CVE
added 2025/04/24 8:23 a.m.57 views

CVE-2025-3793

CVE-2025-3793 affects the Buddypress Force Password Change plugin for WordPress (versions up to 0.1). The vulnerability enables authenticated users (subscriber level or higher) to perform an account takeover by exploiting insufficient identity validation in the bp_force_password_ajax password-upd...

4.2CVSS4.6AI score0.00185EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.8 views

PT-2025-17716

Name of the Vulnerable Software and Affected Versions Flynax Bridge plugin for WordPress versions up to and including 2.2.0 Description The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover. This issue arises because the plugin does not properly validat...

9.8CVSS7.3AI score0.00463EPSS
Exploits0References16
NVD
NVD
added 2025/04/12 7:15 a.m.13 views

CVE-2025-3292

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

4.3CVSS0.00273EPSS
Exploits0References3
CVE
CVE
added 2025/04/12 6:37 a.m.81 views

CVE-2025-3292

CVE-2025-3292 concerns the WordPress plugin “User Registration & Membership – Custom Registration Form, Login Form, and User Profile.” It is vulnerable to Insecure Direct Object Reference due to missing validation on the user_id parameter, enabling update of other users’ passwords when an attacke...

4.3CVSS4.6AI score0.00273EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/04/12 6:37 a.m.17 views

CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

4.3CVSS0.00273EPSS
Exploits0References3
Rows per page
Query Builder