
9 matches found

RedhatCVE
added 2026/01/03 2:22 a.m. · 7 views

CVE-2025-14998

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

CVSS 9.8 · AI score 6.8 · EPSS 0.00062
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2013-0032

Malware in sbrugna...

CVSS 2.1 · AI score 6 · EPSS 0.00065
Exploits: 1 · References: 8

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-42679

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.6 · EPSS 0.00426
Exploits: 0 · References: 2

NVD
added 2025/08/16 4:15 a.m. · 2 views

CVE-2025-3671

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...

CVSS 8.8 · EPSS 0.00247
Exploits: 0 · References: 2

Cvelist
added 2025/04/24 8:23 a.m. · 24 views

CVE-2025-3603 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for...

CVSS 9.8 · EPSS 0.00344
Exploits: 0 · References: 3

Cvelist
added 2025/04/12 6:37 a.m. · 12 views

CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · EPSS 0.00219
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/12 12:0 a.m. · 3 views

PT-2025-16168 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3 Description: The issue allows unauthenticated attackers to update other users' passwords if they...

CVSS 4.3 · AI score 5.7 · EPSS 0.00219
Exploits: 0 · References: 10

Prion
added 2018/02/08 11:29 p.m. · 22 views

Design/Logic Flaw

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server WAS 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow...

CVSS 7.5 · AI score 6.8 · EPSS 0.00814
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2018/02/08 11:0 p.m. · 59 views

CVE-2011-4889

CVE-2011-4889 affects IBM WebSphere Application Server via the Virtual Member Manager. The root cause is a password update flaw in the Tivoli Directory Server configuration caused by the javax.naming.directory.AttributeInUseException, which might allow a remote attacker to gain access using an old...

CVSS 9.8 · AI score 9.1 · EPSS 0.00814
Exploits: 0 · References: 2 · Affected Software: 1