Lucene search
+L

140 matches found

NVD
NVD
added 2026/04/03 9:17 p.m.13 views

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS0.00436EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.10 views

Gardyn 访问控制错误漏洞

Gardyn is an indoor smart hydroponic cultivation device developed by the American company Gardyn. Gardyn has a access control vulnerability, which allows certain endpoints to expose the account information of all registered users without authentication...

9.3CVSS5.8AI score0.00436EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a flaw in the order of cleaning operations for the about field in user profiles, which...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.7 views

CVE-2026-2356

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 2:23 a.m.6 views

CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 2:23 a.m.28 views

CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.5 views

CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

7.5CVSS5.5AI score0.00283EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 8:21 a.m.21 views

CVE-2025-13493

CVE-2025-13493 concerns the WordPress plugin “Latest Registered Users.” It allows unauthenticated attackers to export complete user details (except passwords and tokens) in CSV via the action parameter, due to missing authorization and nonce validation in rnd_handle_form_submit hooked to admin_po...

7.5CVSS5.5AI score0.00283EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/07 6:55 a.m.10 views

WordPress Latest Registered Users plugin <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability discovered by Legion Hunter in WordPress Plugin Latest Registered Users versions = 1.4...

7.5CVSS6.7AI score0.00283EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.6 views

WordPress plugin Latest Registered Users 安全漏洞

...

7.5CVSS6.7AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-1588

Name of the Vulnerable Software and Affected Versions The Latest Registered Users plugin for WordPress versions prior to 1.5 Description The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...

7.5CVSS6.4AI score0.00283EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-14932

Malware in sbrugna...

5.4CVSS5.5AI score0.0052EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-0604

Malware in sbrugna...

5CVSS6.4AI score0.07333EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0701

Malicious code in bioql PyPI...

4.1CVSS4.6AI score0.00456EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-27269

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.01367EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/17 10:46 p.m.6 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/16 12:30 a.m.6 views

Liferay has Insecure Default Initialization of Resource issue

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.4CVSS6.9AI score0.00231EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/16 12:30 a.m.5 views

GHSA-25M3-W28P-V3V3 Liferay has Insecure Default Initialization of Resource issue

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.3CVSS6.9AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2025/09/15 10:15 p.m.4 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.4CVSS6.8AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 9:28 p.m.1 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.3CVSS6.5AI score0.00231EPSS
Exploits0References1
Rows per page
Query Builder