Lucene search
K

28 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2025-63579

Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...

7.5CVSS5.9AI score0.00199EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32312

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

5.1CVSS5.3AI score0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 11:46 p.m.9 views

CVE-2026-32312 GLPI: Unauthorized export of form structure

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

5.1CVSS5.7AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/05/18 11:46 p.m.23 views

CVE-2026-32312

CVE-2026-32312 (GLPI) affects GLPI 11.0.0 through 11.0.6. An authenticated user with forms READ permission could export the structure of unauthorized forms, exposing form configuration. The issue is fixed in version 11.0.7. According to the CVE records, the vulnerability has a CVSS v4.0 base scor...

5.1CVSS5.7AI score0.00217EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/18 11:46 p.m.6 views

CVE-2026-32312 GLPI: Unauthorized export of form structure

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

5.1CVSS5.9AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41759

Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.6 Description An authenticated user with forms READ permission can export the structure of unauthorized forms. Recommendations Update to version 11.0.7...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/14 12:32 p.m.8 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/14 12:32 p.m.13 views

CVE-2026-4029 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.55 views

CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin Database Backup for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 7:57 p.m.55 views

CVE-2026-40326 Masa CMS CSRF in site bundle creation allows unauthorized site data export

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS0.00156EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 7:57 p.m.2 views

CVE-2026-40326 Masa CMS CSRF in site bundle creation allows unauthorized site data export

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS5.8AI score0.00156EPSS
Exploits0References3
OSV
OSV
added 2026/01/23 11:55 p.m.6 views

CVE-2026-24139 MyTube Allows Unauthorized Database Export by Guest Users

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

8.7CVSS5.6AI score0.00317EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/25 12:33 a.m.7 views

WordPress Chamber Dashboard Business Directory plugin <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export vulnerability

Missing Authorization to Unauthenticated Business Information Export vulnerability discovered by Legion Hunter in WordPress Plugin Chamber Dashboard Business Directory versions = 3.3.11...

5.3CVSS6.9AI score0.00245EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/27 1:33 a.m.7 views

CVE-2025-62922

CVE-2025-62922 is a Missing Authorization / Broken Access Control vulnerability affecting the WordPress plugin Export Categories (versions

5.3CVSS6.6AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-18460

Malware in sbrugna...

2.4CVSS3.9AI score0.0055EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:7 a.m.7 views

CVE-2023-7068

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprintpackinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00387EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/03/14 2:57 a.m.4 views

SUSE CVE-2025-24526

Mattermost versions 10.1.x = 10.1.3, 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access ...

4.3CVSS6.4AI score0.00271EPSS
Exploits0References2
Veracode
Veracode
added 2025/03/04 6:33 a.m.5 views

Unauthorized Channel Content Export

github.com/mattermost/mattermost-server is vulnerable to unauthorized channel content export. The vulnerability is due to improper access control due to failing to restrict channel export of archived channels when the "Allow users to view archived channels" setting is disabled...

4.3CVSS6.5AI score0.00271EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2025/02/25 9:21 a.m.12 views

CVE-2024-13693 Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive...

5.3CVSS5.1AI score0.00307EPSS
Exploits0References2
Rows per page
Query Builder