Lucene search
K

48 matches found

OSV
OSV
added 2026/04/10 3:31 a.m.3 views

GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References6
PyPA
PyPA
added 2026/04/10 3:16 a.m.11 views

PYSEC-2026-202

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.5AI score0.0022EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/10 3:3 a.m.14 views

CVE-2026-24312

SAP Business Workflow suffers a privilege-escalation flaw caused by an erroneous authorization check. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to perform unauthorized high-privilege actions. This primarily impacts d...

5.2CVSS5.6AI score0.0017EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/14 11:24 a.m.5 views

CVE-2025-14001

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

5.4CVSS5.2AI score0.00227EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/16 12:0 a.m.4 views

WordPress WP CarDealer Elevation of Privilege Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in WordPress WP CarDealer, which stems from insufficient user role registration restrictions, and can be exploited by an...

9.8CVSS7AI score0.003EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-5396

Malware in sbrugna...

4.9CVSS5.7AI score0.02178EPSS
Exploits0References26
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-0688

Malware in sbrugna...

4CVSS6.4AI score0.02133EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-16176

Malware in sbrugna...

6.5CVSS6.5AI score0.02258EPSS
Exploits0References4
OSV
OSV
added 2025/06/30 3:16 p.m.7 views

BIT-GITLAB-2025-5315 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...

4.3CVSS5.7AI score0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:8 a.m.9 views

CVE-2022-24714

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

5.3CVSS6.3AI score0.01208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21376 · WordPress · Svg Uploads Support

Name of the Vulnerable Software and Affected Versions: SVG Uploads Support WordPress plugin versions 2.1.1 and earlier Description: The issue concerns the failure to sanitize uploaded SVG files, potentially allowing users with a role as low as Author to upload malicious SVG files containing XSS...

5.4CVSS9.1AI score0.00243EPSS
Exploits2References5
CNNVD
CNNVD
added 2025/05/02 12:0 a.m.4 views

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.3CVSS7.7AI score0.00281EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.4 views

WordPress plugin Service Finder Bookings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS8.6AI score0.00388EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/03 11:38 a.m.5 views

CVE-2025-2237

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS7.2AI score0.00426EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 11:12 a.m.7 views

CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS7.3AI score0.00426EPSS
Exploits0References2
CVE
CVE
added 2025/04/01 11:12 a.m.55 views

CVE-2025-2237

CVE-2025-2237 affects WP RealEstate (WordPress plugin) with authentication bypass via process_register in all versions up to 1.6.26, allowing unauthenticated attackers to register as Administrator. Root cause: insufficient role restrictions in the plugin. Impact, as stated by trusted sources: una...

9.8CVSS7.2AI score0.00426EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.4 views

WordPress plugin WP RealEstate 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.7AI score0.00426EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/14 11:15 a.m.25 views

CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...

9.8CVSS0.0051EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/14 11:15 a.m.18 views

CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...

9.8CVSS9.6AI score0.0051EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.5 views

WordPress plugin Realteo 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.9AI score0.0051EPSS
Exploits0References4
Rows per page
Query Builder