Lucene search
K

135 matches found

RedhatCVE
RedhatCVE
added 2025/08/25 7:20 a.m.6 views

CVE-2025-5060

The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebookajaxlogincallback. This makes it possible for...

8.1CVSS5.9AI score0.00376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/14 5:26 a.m.10 views

CVE-2025-8059

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfrregistration function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and...

9.8CVSS7.2AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 5:15 a.m.4 views

CVE-2025-8059

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfrregistration function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and...

9.8CVSS0.00446EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.5 views

PT-2025-32623 · WordPress · B Blocks

Name of the Vulnerable Software and Affected Versions: B Blocks plugin for WordPress versions prior to 2.0.7 Description: The B Blocks plugin for WordPress is susceptible to privilege escalation due to missing authorization and improper input validation within the rgfr registration function. This...

9.8CVSS7.6AI score0.00446EPSS
Exploits0References12
Packet Storm
Packet Storm
added 2025/08/04 12:0 a.m.120 views

📄 WordPress Ultimate Member 2.6.6 Privilege Escalation

WordPress Ultimate Member plugin version 2.6.6 proof of concept privilege escalation exploit. !/usr/bin/env python3 Exploit Title: Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation Exploit Author: Gurjot Singh CVE: CVE-2023-3460 Description : The attached PoC demonstrates how an...

9.8CVSS7.7AI score0.72306EPSS
Exploits12
OSV
OSV
added 2025/05/13 4:15 p.m.5 views

CVE-2025-22462

An authentication bypass in Ivanti Neurons for ITSM on-prem only before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system...

9.8CVSS7.6AI score0.01871EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 3:15 p.m.3 views

CVE-2025-22466

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required...

9.6CVSS5.8AI score0.012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:17 a.m.8 views

CVE-2024-9636

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register...

9.8CVSS7AI score0.00773EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/04 12:0 a.m.5 views

Four-Faith F3x36 安全漏洞

The Four-Faith F3x36 is a portable wireless mobile router from Four-Faith China. A security vulnerability exists in the Four-Faith F3x36 version v2.0.0, which stems from the fact that certain administrative functions do not enforce authentication...

9.8CVSS6.8AI score0.00644EPSS
Exploits0References1
OSV
OSV
added 2024/11/12 5:15 p.m.6 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required...

6.1CVSS5.8AI score0.00872EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.8 views

PT-2024-28775 · Unknown · Vilo 5 Mesh Wifi System

Name of the Vulnerable Software and Affected Versions: Vilo 5 Mesh WiFi System versions 5.16.1.33 and earlier Description: The issue is related to Insecure Permissions, specifically a lack of authentication in the custom TCP service on port 5432. This allows remote, unauthenticated attackers to...

9.6CVSS7.6AI score0.00356EPSS
Exploits1References6
OSV
OSV
added 2024/10/01 9:15 a.m.3 views

CVE-2024-9265

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echocheckpostheadersent function. This makes it possib...

9.8CVSS5.8AI score0.00613EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.5 views

PT-2024-21052 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.0 Description: The issue allows a regular user to become an administrator of a team where they are a member, under a reasonable configuration. In versions subsequent to v5.0.0, it may also allow an initially...

8.8CVSS7.1AI score0.00396EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.4 views

PT-2024-38019 · Omntec · Omntec Proteus Tank Monitoring Oel8000Iii Series

Name of the Vulnerable Software and Affected Versions: OMNTEC Proteus Tank Monitoring OEL8000III Series affected versions not specified Description: The issue allows an attacker to perform administrative actions without proper authentication. It is being actively exploited. Recommendations: At th...

9.8CVSS6.9AI score0.00586EPSS
Exploits0References10
NVD
NVD
added 2024/08/19 2:15 a.m.13 views

CVE-2024-44069

Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value Celsius, Fahrenheit,...

7.5CVSS0.00471EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/04/05 12:0 a.m.4 views

Webhood 安全漏洞

Webhood is a self-hosted URL scanner for analyzing phishing and malicious websites. A security vulnerability exists in Webhood version 0.9.0 and prior versions, which stems from a vulnerability that allows an unauthenticated attacker to create an administrator account by sending an HTTP request t...

9.8CVSS6.8AI score0.00715EPSS
Exploits0References4
NCSC
NCSC
added 2024/02/21 12:0 a.m.3 views

Vulnerabilities fixed in ConnectWise ScreenConnect

Connectwise has fixed vulnerabilities in ScreenConnect. A unauthenticated malicious person could exploit the vulnerabilities to create a new administrator account. An exploit is available that makes the chance of exploitation significant. At this no CVEs have yet been assigned to the...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.6 views

PT-2024-12979 · Undefined · Undefined

NCC Group выпустила третье исследование с оценкой безопасности популярных инструментов RMM, в котором представила обзор на 18 уязвимостей в PandoraFMS. Ранее в поле зрения исследователей попадали множественные уязвимости в Faronics Insight и Nagios XI. PandoraFMS - это приложение для мониторинга ...

9.8CVSS5.9AI score0.00734EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/09 12:0 a.m.6 views

PT-2023-26095 · Unknown · I-Doit Open +1

Name of the Vulnerable Software and Affected Versions: i-doit pro versions 25 and below I-doit open versions 25 and below Description: The software is configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and...

9.8CVSS9.3AI score0.01094EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/08/13 12:0 a.m.5 views

PT-2023-23939 · Cyberpower · Cyberpower Powerpanel Enterprise

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise affected versions not specified Description: A non-feature complete authentication mechanism exists in the production application, allowing an attacker to bypass all authentication checks if LDAP authenticatio...

9.8CVSS9.6AI score0.0082EPSS
Exploits0References6
Rows per page
Query Builder