2839 matches found
EUVD-2026-29393
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
CVE-2026-4301
The CVE-2026-4301 entry documents a vulnerability in the WordPress plugin Rate Star Review Vote (versions up to 1.6.4). The vwrsr_review() AJAX handler lacks proper capability checks and nonce verification, relying only on is_user_logged_in(). When form is set to 'update', an attacker-supplied ra...
CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
PT-2026-39948
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is user logged in...
WordPress plugin Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings 安全漏洞
WordPress, among others, is a product of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. Effect is a software package used for adding image effects. Aaron Update is a product developed by Aaron, the individual developer behind the project. Update is a...
WordPress YASR – Yet Another Star Rating Plugin for WordPress plugin <= 3.4.12 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Yet Another Stars Rating versions = 3.4.12...
WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin GD Rating System versions = 3.6.2...
BuildReview2
BuildReview2 - Attack-Path-Driven Windows Host Review A rewri...
tomcat10-10.1.54-1.1 on GA media (moderate)
tomcat10-10.1.54-1.1 on GA media Announcement ID: openSUSE-SU-2026:10548-1 Rating: moderate Cross-References: CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVSS scores: CVE-2026-24880 SUSE : 4....
dnsdist-2.0.3-1.1 on GA media (moderate)
dnsdist-2.0.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10473-1 Rating: moderate Cross-References: CVE-2026-0396 CVE-2026-24028 CVE-2026-24030 CVE-2026-27854 CVSS scores: CVE-2026-0396 SUSE : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2026-0396 SUSE : 2.1...
pnpm-10.32.1-1.1 on GA media (moderate)
pnpm-10.32.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10410-1 Rating: moderate Cross-References: CVE-2026-24842 CVSS scores: CVE-2026-24842 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2026-24842 SUSE : 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N...
Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
coredns-1.14.2-1.1 on GA media (moderate)
coredns-1.14.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10297-1 Rating: moderate Cross-References: CVE-2026-26017 CVE-2026-26018 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...
Supporting Artifact Evaluation with LLMs: A Study with Published Security Research Papers
Artifact Evaluation AE is essential for ensuring the transparency and reliability of research, closing the gap between exploratory work and real-world deployment is particularly important in cybersecurity, particularly in IoT and CPSs, where large-scale, heterogeneous, and privacy-sensitive data...
build-20260202-2.1 on GA media (moderate)
build-20260202-2.1 on GA media Announcement ID: openSUSE-SU-2026:10183-1 Rating: moderate Cross-References: CVE-2024-22038 CVSS scores: CVE-2024-22038 SUSE : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H CVE-2024-22038 SUSE : 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N...
Security update for the Linux Kernel (important)
openSUSE security update: security update for the linux kernel ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20145-1 Rating: important References: bsc1205462 bsc1214285 bsc1243112 bsc1245193 bsc1247500 bsc1250388 bsc1252046 bsc1252861 bsc1253155...
CVE-2026-20045 Cisco Unified Communications Products Remote Code Execution Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...
Exploit for CVE-2025-69459
CVE-2025-69459 – Movie Rating System 1.0 Broken Access C...
Exploit for CVE-2025-69458
CVE-2025-69458 – Movie Rating System 1.0 SQLi to...