Lucene search
K

2789 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Zeromq3

A flaw was discovered in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The greatest threat posed by this vulnerability is to confidentiality,...

9.8CVSS8.5AI score0.01602EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 a.m.12 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:51 a.m.9 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/19 6:51 a.m.9 views

EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
CVE
CVE
added 2026/06/19 6:51 a.m.19 views

CVE-2026-6798

The CVE-2026-6798 entry concerns the WordPress plugin “2Download Connector for 2DL Hosted Checkout.” According to connected sources, all versions up to and including 0.1.5 are vulnerable to unauthorized access due to insufficient authorization checks, enabling unauthenticated attackers to view se...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/19 6:51 a.m.32 views

CVE-2026-6798 2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50851

Name of the Vulnerable Software and Affected Versions 2Download Connector for 2DL Hosted Checkout versions prior to 0.1.6 Description The plugin fails to properly verify user authorization before performing specific actions. This allows unauthenticated attackers to access arbitrary customer...

5.3CVSS6AI score0.00299EPSS
Exploits0References14
Patchstack
Patchstack
added 2026/06/18 5:37 p.m.5 views

WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions = 0.1.5...

5.3CVSS5.3AI score0.00299EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-48783

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

4.8CVSS0.0017EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 9:38 p.m.14 views

CVE-2026-48783

CVE-2026-48783 affects Postiz prior to version 2.21.8. An unauthenticated endpoint (/public/modify-subscription) accepted a signed token and applied subscription-enforcement side effects to the organization in the token’s claims without verifying the token’s intended purpose. The endpoint could n...

4.8CVSS5.3AI score0.0017EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 9:38 p.m.24 views

CVE-2026-48783 Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

4.8CVSS0.0017EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50122

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

4.8CVSS5.4AI score0.0017EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49831

Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...

7.5CVSS6.1AI score0.00387EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2026/06/15 9:7 p.m.7 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

9.8CVSS6AI score0.0068EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2026/06/15 9:35 a.m.70 views

Cyber-Arena

CyberArena - Cybersecurity Challenge Platform CyberArena is a...

5.4AI score
Exploits0
NVD
NVD
added 2026/06/12 3:16 p.m.16 views

CVE-2026-7368

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 1:25 p.m.5 views

GHSA-6GXQ-GPR8-XGJP free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence

Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...

7.1CVSS5.9AI score0.00084EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/06/11 11:31 a.m.26 views

VRChat says reported data breach never happened

A data breach notice has been filed with the Maine Attorney General, saying more than 2.4 million users of VRChat have had their data breached. The question is, was it VRChat who filed the breach notice, or did someone pretending to represent the company post it instead? On Reddit, a VRChat...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48680

Name of the Vulnerable Software and Affected Versions free5GC UDR affected versions not specified Description Improper input validation exists in the EE subscription handlers of the free5GC UDR. The system uses a regular expression to validate the ueId variable that includes a catch-all...

7.1CVSS6AI score0.00084EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 9:8 p.m.21 views

CVE-2026-46679

CVE-2026-46679 affects the JS implementation of libp2p gossipsub. Three omissions in the default gossipsub logic allow an unauthenticated peer to flood subscriptions and exhaust the Node.js heap, causing memory DoS and potential OOM. The issue arises from an unbounded this.topics map, unbounded p...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References1
Rows per page
Query Builder