Lucene search
K

24 matches found

CVE
CVE
added 7 hours ago7 views

CVE-2026-12002

The CVE-2026-12002 entry concerns the Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress. A CSRF vulnerability exists in all versions up to and including 6.11.1 due to missing/incorrect nonce validation in the maybe_connection_data function. This allows unauthenticated attac...

4.7CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/27 8:16 a.m.8 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS0.00276EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.9 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53057

Name of the Vulnerable Software and Affected Versions Frisbii Pay versions prior to 1.9.0 Description Authenticated users with Subscriber-level access and above can perform unauthorized modification of data. This is caused by missing capability checks in the upload csv and process batch functions...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References10
CVE
CVE
added 2026/06/24 5:33 a.m.9 views

CVE-2026-9184

The CVE covers the WordPress plugin 24liveblog (versions up to 2.2). A missing capability check on the AJAX handler update_lb24_token() allows authenticated attackers with author-level access and above to overwrite lb24_token, lb24_uid, lb24_refresh_token, lb24_uname, and related site options, ef...

4.3CVSS5.9AI score0.00215EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 5:17 p.m.6 views

CVE-2026-45732

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:52 p.m.33 views

CVE-2026-45732

CVE-2026-45732 affects n8n, an open-source workflow automation platform. The vulnerability lies in the OAuth1/OAuth2 credential reconnect endpoints, which incorrectly authorize access using credential:read instead of credential:update. An authenticated user with read-only access to a shared crede...

8.3CVSS5.9AI score0.00315EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/05/24 10:36 p.m.103 views

Exploit for CVE-2026-29923

CVE-2026-29923 — pstrip64.sys Local Privilege Escalation A mi...

7.8CVSS6AI score0.00107EPSS
Exploits1
OSV
OSV
added 2026/05/14 4:18 p.m.3 views

GHSA-6H4J-WCR9-2VG7 n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential...

8.3CVSS5.8AI score0.00315EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.19 views

n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential...

8.3CVSS5.8AI score0.00315EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3506

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.7 views

CVE-2026-2559

The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...

5.3CVSS5.8AI score0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.2 views

CVE-2026-3506

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References9
CVE
CVE
added 2026/03/21 3:26 a.m.17 views

CVE-2026-3506

WP-Chatbot for Messenger plugin for WordPress (up to version 4.9) suffers an authorization bypass due to improper verification of user permissions, enabling unauthenticated attackers to overwrite the site’s MobileMonkey API token and company ID options . This can hijack chatbot configuration and ...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.4 views

PT-2026-26857

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25853

Malicious code in bioql PyPI...

6.2CVSS6.5AI score0.00124EPSS
Exploits0References2
NVD
NVD
added 2025/08/26 11:15 p.m.6 views

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 10:48 p.m.5 views

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5AI score0.00124EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/26 10:48 p.m.8 views

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00124EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 10:48 p.m.75 views

CVE-2025-0086

Technical details such as affected products, versions, root cause, or remediation for CVE-2025-0086 are not publicly provided in the connected documents. Monitor for updates.

6.2CVSS6AI score0.00124EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder