4324 matches found

RedhatCVE
added 2026/01/19 10:29 a.m., 11 views

CVE-2026-1145

A flaw was found in quickjs-ng quickjs. This vulnerability, a heap-based buffer overflow, exists in the js_typed_array_constructor_ta function. A remote attacker can exploit this by sending specially crafted input, which could lead to unauthorized information disclosure or system instability denial o...

CVSS 8.8, AI score 6.7, EPSS 0.0034
Exploits 1, References 10

OSV
added 2026/01/16 10:16 a.m., 3 views

CVE-2025-14844

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled...

CVSS 7.5, AI score 5.8, EPSS 0.00419
Exploits 0, References 6

CVE
added 2026/01/16 9:23 a.m., 19 views

CVE-2025-14844

The CVE refers to the WordPress Membership Plugin – Restrict Content (versions through 3.2.16) with Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure. The flaw resides in rcp_stripe_create_setup_intent_for_saved_card where there is no proper capability ...

CVSS 8.2, AI score 5.3, EPSS 0.00419
Exploits 0, References 6, Affected Software 1

Patchstack
added 2026/01/16 6:36 a.m., 8 views

WordPress Membership Plugin - Restrict Content plugin <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability

WordPress Membership Plugin - Restrict Content plugin <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability discovered by Andrea Bocchetti in WordPress Plugin Restrict Content versions <= 3.2.16...

CVSS 8.2, AI score 7, EPSS 0.00419
Exploits 0, References 1, Affected Software 1

CNNVD
added 2026/01/16 12:0 a.m., 6 views

WordPress plugin “Membership Plugin” – Security vulnerability regarding content restriction

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.2, AI score 5.8, EPSS 0.00419
Exploits 0, References 7

Positive Technologies
added 2026/01/16 12:0 a.m., 9 views

PT-2026-3242

Name of the Vulnerable Software and Affected Versions: Restrict Content plugin for WordPress versions prior to 3.2.17. Description: The Restrict Content plugin for WordPress is affected by a missing authentication issue. This occurs due to a missing capability check within the rcp stripe create setu...

CVSS 8.2, AI score 5.3, EPSS 0.00419
Exploits 0, References 10

ICS
added 2026/01/13 8:0 a.m., 4 views

Schneider Electric Zigbee Products

GENERAL SECURITY RECOMMENDATIONS: We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

AI score 6
Exploits 0, References 11

ICS
added 2026/01/13 8:0 a.m., 9 views

Schneider Electric EcoStruxure Process Expert (Update A)

GENERAL SECURITY RECOMMENDATIONS: We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CVSS 7, AI score 5.8, EPSS 0.00103
Exploits 0, References 11

Positive Technologies
added 2026/01/10 12:0 a.m., 6 views

PT-2026-1779

Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.8. Description: A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...

CVSS 7.5, AI score 7.7, EPSS 0.05577
Exploits 1, References 10

RedhatCVE
added 2026/01/09 11:27 a.m., 7 views

CVE-2021-33506

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation...

CVSS 7.5, AI score 6.8, EPSS 0.01172
Exploits 0, References 1

Positive Technologies
added 2026/01/09 12:0 a.m., 5 views

PT-2026-1776

Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.8. Description: A flaw exists in Sangfor Operation and Maintenance Management System that allows for remote operating system command injection. This issue stems from the...

CVSS 9, AI score 8.6, EPSS 0.05271
Exploits 1, References 12

Positive Technologies
added 2026/01/08 12:0 a.m., 6 views

PT-2026-1870

Name of the Vulnerable Software and Affected Versions: GL-iNet GL-AXT1800 router firmware version 4.6.8. Description: A command injection issue exists in the plugins.install package RPC method. The method does not properly sanitize user input in package names, allowing authenticated attackers to...

CVSS 8.1, AI score 7.8, EPSS 0.01426
Exploits 1, References 8

CERT
added 2026/01/06 12:0 a.m., 9 views

TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Overview: A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description: In the End-of-Lif...

AI score 7.2
Exploits 0

Positive Technologies
added 2026/01/05 12:0 a.m., 3 views

PT-2026-1325

Name of the Vulnerable Software and Affected Versions: Passy version 1.6.3. Description: A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...

CVSS 9.1, AI score 7.2, EPSS 0.00692
Exploits 0, References 6

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-1031

Name of the Vulnerable Software and Affected Versions: xnx3 wangmarket versions up to 6.4. Description: A flaw exists in the XML File Handler component of xnx3 wangmarket. Specifically, the uploadImage function within the /sits/uploadImage.do file allows for unrestricted file uploads through...

CVSS 5.8, AI score 6.4, EPSS 0.00206
Exploits 1, References 9

Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-1003

Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0. Description: A security flaw exists in itsourcecode School Management System 1.0. The issue affects an unknown part of the file /student/index.php. Manipulation of the ID argument can lead to SQ...

CVSS 9.8, AI score 7, EPSS 0.00333
Exploits 1, References 12

Positive Technologies
added 2025/12/30 12:0 a.m., 4 views

PT-2025-53851

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.134903. Description: A flaw exists in the formSetAdPushInfo function within the /goform/setAdPushInfo file. Manipulation of the mac/terminal argument can lead to a stack-based buffer overflow. This issue is potentially...

CVSS 9, AI score 6.9, EPSS 0.00632
Exploits 1, References 11

Positive Technologies
added 2025/12/30 12:0 a.m., 4 views

PT-2025-53855

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.134903. Description: A flaw exists in the Tenda M3 router. A heap-based buffer overflow can be triggered by manipulating the arguments portIp, portMask, portGateWay, portDns, and portSecDns within the...

CVSS 9, AI score 7.4, EPSS 0.02475
Exploits 1, References 9

Positive Technologies
added 2025/12/29 12:0 a.m., 6 views

PT-2025-53790

Name of the Vulnerable Software and Affected Versions: givanz VvvebJs version 1.7.2. Description: givanz VvvebJs version 1.7.2 contains a flaw due to which an attacker can perform Directory Traversal via the scan.php file. This allows unauthorized access to files and directories on the system...

CVSS 7.5, AI score 6.6, EPSS 0.00623
Exploits 1, References 8

RedhatCVE
added 2025/12/24 11:37 a.m., 6 views

CVE-2025-14000

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 6.4, AI score 5, EPSS 0.00201
Exploits 0, References 1