Lucene search
K

15 matches found

NVD
NVD
added 13 hours ago5 views

CVE-2026-15286

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS
Exploits0References4
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-15286 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 14 hours ago4 views

CVE-2026-15286

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS5.9AI score
Exploits0References5
CVE
CVE
added 14 hours ago5 views

CVE-2026-15286

The CVE-2026-15286 entry concerns the Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress. Affected component: a misconfigured capability check on the get_items_permission_check function within the process_pattern REST API endpoint, which affects all versions up to...

4.3CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-42795

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS5.9AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:15 a.m.10 views

CVE-2026-13323

A flaw was found in Open VSX Registry. The /vscode/unpkg/ endpoint serves user-supplied HTML files with a Content-Type of text/html without Content-Security-Policy or Content-Disposition: attachment response headers. An attacker with a registered publisher account can upload a VSIX containing a...

8.7CVSS5.6AI score0.0019EPSS
Exploits1References5
CVE
CVE
added 2026/05/11 9:10 p.m.13 views

CVE-2026-43889

Outline is vulnerable prior to 1.7.0 due to the shares.create API accepting both collectionId and documentId and, when published=false, skipping the share-permission check. A subsequent shares.update permits publication using an OR policy (can share collection OR can share document), allowing an ...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:10 p.m.9 views

CVE-2026-43889 Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2025/11/13 3:23 a.m.6 views

MAL-2025-187561 Malicious code in jabbah-colors-parsec-chromedriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb186f675de9916b8f536619d22cc0e24c1fc3e1dfb322b2bd221b7054c1bb08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-49337

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00333EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.8 views

CVE-2024-8667

The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign function in all versions up to, and including, 2.10.0. This makes it possible for...

4.3CVSS6.5AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:16 a.m.11 views

CVE-2022-29858

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...

4.3CVSS7AI score0.01156EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/13 4:21 a.m.9 views

CVE-2025-2104 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayersavecontent function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with...

4.3CVSS4.5AI score0.00269EPSS
Exploits0References2
OSV
OSV
added 2021/12/06 6:15 p.m.37 views

PYSEC-2021-838

Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...

6.4CVSS3.7AI score0.00662EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2018/07/12 7:52 p.m.17 views

Malicious Package in eslint-scope

Version 3.7.2 of eslint-scope was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to 2 remote servers. Recommendation The best course of action if you found this package installed in your...

2.3AI score
Exploits0References5Affected Software2
Rows per page
Query Builder