Lucene search
K

998 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37888

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS6.8AI score0.02684EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/05 6:31 a.m.23 views

EUVD-2026-27213

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-36994

Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions prior to 5.1.5 Description A missing capability check in the embed form action function allows authenticated attackers with Contributor-level access or higher to perform unauthorized...

4.3CVSS5.9AI score0.003EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/02 4:27 a.m.31 views

CVE-2025-14726 Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindexfeedhookinstagram/troubleshooting' and '/trustindexfeedhookinstagram/submit-data' REST API endpoints in all versions up...

6.5CVSS0.0083EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-35244

Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion component: Lifecycle Management. The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

5.2CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 9:16 p.m.14 views

CVE-2026-35232

Vulnerability in Oracle Fusion Middleware component: Dynamic Monitoring Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful...

5.4CVSS0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 9:16 p.m.6 views

CVE-2026-34294

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Microsoft Active Directory. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Orac...

5.9CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 7:16 a.m.6 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

6.4CVSS0.00322EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:44 a.m.4 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References10
NVD
NVD
added 2026/04/10 2:16 a.m.5 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

4.3CVSS0.00373EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/08 9:32 p.m.4 views

EUVD-2024-47007

The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eaflresetsettings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.9AI score0.00395EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-27764

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...

5.1CVSS5.8AI score0.00096EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.31 views

CVE-2026-1253 Group Chat & Video Chat by AtomChat <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

4.3CVSS0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.4 views

CVE-2026-1253

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/18 12:31 p.m.9 views

EUVD-2026-12800

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References4
NVD
NVD
added 2026/03/18 10:16 a.m.5 views

CVE-2026-1217

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 6:31 a.m.5 views

EUVD-2026-12764

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...

5.3CVSS5.9AI score0.00307EPSS
Exploits0References7
NVD
NVD
added 2026/03/07 2:16 a.m.5 views

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

5.3CVSS0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/07 12:30 a.m.2 views

EUVD-2026-10090

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.7 views

PT-2026-23811

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom fields controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custo...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References5
Rows per page
Query Builder