Lucene search
K

269 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.7 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS7.2AI score0.00731EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.10 views

CVE-2023-26460

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...

5.3CVSS7.2AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:44 p.m.8 views

CVE-2020-14122

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...

5.5CVSS6.6AI score0.0015EPSS
Exploits0
NVD
NVD
added 2025/05/22 5:15 p.m.18 views

CVE-2025-47779

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...

7.7CVSS0.00418EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:13 p.m.5 views

CVE-2020-14245

HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources...

9.8CVSS7.2AI score0.01213EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/11 2:16 a.m.13 views

CVE-2025-3810

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...

9.8CVSS7.9AI score0.00634EPSS
Exploits0References1
NVD
NVD
added 2025/05/09 7:16 a.m.42 views

CVE-2025-3605

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the...

9.8CVSS0.06441EPSS
Exploits4References2
Cvelist
Cvelist
added 2025/05/09 6:42 a.m.32 views

CVE-2025-3605 Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the...

9.8CVSS0.06441EPSS
Exploits4References2
NVD
NVD
added 2025/05/09 3:15 a.m.28 views

CVE-2025-3810

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...

9.8CVSS0.00634EPSS
Exploits0References2
NVD
NVD
added 2025/05/09 3:15 a.m.13 views

CVE-2025-3811

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...

9.8CVSS0.00634EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/09 2:19 a.m.13 views

CVE-2025-3852

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update function. This makes i...

8.8CVSS7.3AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/08 2:25 a.m.21 views

CVE-2025-3610

The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...

8.8CVSS8.1AI score0.00512EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/08 12:0 a.m.4 views

Large Language Model-Driven Security Assistant for Internet of Things Via Chain-Of-Thought

The rapid development of Internet of Things IoT technology has transformed people's way of life and has a profound impact on both production and daily activities. However, with the rapid advancement of IoT technology, the security of IoT devices has become an unavoidable issue in both research an...

7.2AI score
Exploits0
CVE
CVE
added 2025/05/06 1:42 a.m.66 views

CVE-2025-3610

CVE-2025-3610 — Reales WP STPT (WordPress) is a privilege-escalation vulnerability in all versions up to 2.1.2 caused by improper validation of a user’s identity before updating their details (e.g., password). An authenticated attacker with subscriber-level access or higher can change arbitrary u...

8.8CVSS6.6AI score0.00512EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.4 views

PT-2025-19824 · WordPress · Reales Wp Stpt

Name of the Vulnerable Software and Affected Versions: Reales WP STPT plugin for WordPress versions up to and including 2.1.2 Description: The issue arises from the plugin's failure to properly validate a user's identity before updating their details, such as the password. This allows authenticat...

8.8CVSS8.9AI score0.00512EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/02 12:0 a.m.7 views

PT-2025-18742 · WordPress · Otp-Less One Tap Sign In Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: OTP-less one tap Sign in plugin for WordPress versions 2.0.14 through 2.0.59 Description: The issue is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for...

9.8CVSS9.6AI score0.00477EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2025/04/26 9:5 a.m.11 views

CVE-2025-3603

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for...

9.8CVSS7.5AI score0.00463EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 9:2 a.m.27 views

CVE-2025-3604

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for unauthenticated...

9.8CVSS7.6AI score0.00607EPSS
Exploits1References1
NVD
NVD
added 2025/04/24 9:15 a.m.13 views

CVE-2025-3607

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...

8.8CVSS0.00374EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.11 views

PT-2025-17717

Name of the Vulnerable Software and Affected Versions Flynax Bridge plugin for WordPress versions up to, and including, 2.2.0 Description The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to updating their details,...

9.8CVSS7.3AI score0.00607EPSS
Exploits1References14
Rows per page
Query Builder