Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS5.6AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 5:10 p.m.7 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 5:10 p.m.7 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 5:10 p.m.71 views

CVE-2026-20219

Cisco Slido REST API contains an insecure direct object reference that could let an authenticated, remote attacker view other users’ social profiles or affect quiz/poll results via a crafted request. Impact described as low confidentiality and integrity impact, with no availability impact. Cisco ...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 5:10 p.m.34 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-38080

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/17 2:13 a.m.15 views

WordPress Quiz and Survey Master (QSM) plugin <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability

Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Quiz And Survey Master versions = 10.1.0...

5.3CVSS5.8AI score0.00519EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.4 views

CVE-2025-9294

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

4.3CVSS5AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 9:15 a.m.4 views

CVE-2025-9294

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/01/06 9:15 a.m.3 views

CVE-2025-9294

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

4.3CVSS0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/01/06 8:21 a.m.11 views

CVE-2025-9294

CVE-2025-9294 affects the Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker WordPress plugin. Root cause: missing capability check in qsm_dashboard_delete_result, enabling authenticated users with Subscriber-level access and above to delete quiz results on all versions up to 10.3.1. Wordf...

4.3CVSS4.7AI score0.00193EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/06 8:21 a.m.2 views

CVE-2025-9294 Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

4.3CVSS4.7AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/06 8:21 a.m.30 views

CVE-2025-9294 Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

4.3CVSS0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.8 views

PT-2026-1427

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress versions through 10.3.1 Description The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is susceptible to unauthorized data loss. This...

4.3CVSS6.1AI score0.00193EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/01/05 10:44 p.m.11 views

WordPress Quiz And Survey Master plugin <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Quiz Results Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Quiz And Survey Master versions = 10.3.1...

4.3CVSS6.8AI score0.00193EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-1044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. CVE-2018-1044 Note that Nessus relies on the presence...

4.3CVSS5.3AI score0.00989EPSS
Exploits0References2
OSV
OSV
added 2025/04/11 1:15 a.m.5 views

CVE-2025-32808

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...

7.7CVSS5.9AI score0.00346EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/07 12:0 a.m.6 views

PT-2024-16548 · WordPress · Quiz Maker

Name of the Vulnerable Software and Affected Versions: The Quiz Maker plugin for WordPress versions up to, and including, 6.5.2.4 Description: The issue arises from a missing capability check on the ays show results function, allowing unauthenticated attackers to access arbitrary quiz results,...

5.3CVSS6.3AI score0.00549EPSS
Exploits0References8
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.6 views

Quiz And Survey Master < 8.1.19 - Multiple Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.1.18. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to show disabled contact fields and delete quiz results...

6.7AI score
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.3 views

SUSE CVE-2018-1044

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings...

4.3CVSS4.8AI score0.00989EPSS
Exploits0References3
Rows per page
Query Builder