Lucene search
K

732 matches found

CVE
CVE
added 2026/03/26 1:25 a.m.21 views

CVE-2026-4484

CVE-2026-4484 affects the Masteriyo LMS WordPress plugin up to version 2.1.6. The root cause is a vulnerability in the InstructorsController::prepare_object_for_database function that allows an authenticated user to update a user’s role, enabling privilege escalation from Student-level (and above...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/22 3:31 p.m.6 views

EUVD-2026-14306

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References4
NVD
NVD
added 2026/03/22 2:16 p.m.7 views

CVE-2026-4548

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS0.00195EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/22 1:2 p.m.35 views

CVE-2026-4548 mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/22 1:2 p.m.2 views

CVE-2026-4548 mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS5.6AI score0.00195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/22 1:2 p.m.3 views

CVE-2026-4548

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.4 views

PT-2026-27010

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.9 views

Next SaaS Stripe Starter 授权问题漏洞

Next SaaS Stripe Starter is an integrated payment and authentication SaaS project starter developed by mickasmt as a personal developer. Version 1.0.0 of Next SaaS Stripe Starter contains an authorization issue vulnerability. This vulnerability stems from incorrect operations with the parameter...

6.5CVSS6.6AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

WordPress plugin ExactMetrics – Google Analytics Dashboard for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.8AI score0.0038EPSS
Exploits0References5
NVD
NVD
added 2026/03/07 5:15 p.m.7 views

CVE-2026-29196

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

8.7CVSS0.00252EPSS
Exploits0References2
CVE
CVE
added 2026/03/07 4:15 p.m.20 views

CVE-2026-29196

CVE-2026-29196 affects Netmaker prior to 1.5.0, where a user with the platform-user role could obtain WireGuard private keys for all configs in a network via API calls to GET /api/extclients/{network} or GET /api/nodes/{network}. The UI restricts visibility, but these API endpoints return full re...

8.7CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/07 4:15 p.m.3 views

CVE-2026-29196 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

8.7CVSS5.8AI score0.00252EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 9:16 a.m.5 views

CVE-2026-23925

A flaw was found in Zabbix. An authenticated user with the 'User' role, who also possesses write permissions for templates or hosts, can exploit the configuration.import API. This allows them to create unauthorized objects, such as hosts, which can lead to a loss of confidentiality within the...

7.6CVSS5.8AI score0.00255EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/03/06 8:24 a.m.7 views

CVE-2026-23925

An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

8.1CVSS5.3AI score0.00255EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-22718

Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions prior to 5.1.3 Description The User Registration & Membership plugin for WordPress has a critical flaw allowing unauthenticated attackers to create administrator accounts. This is du...

9.8CVSS5.6AI score0.25532EPSS
Exploits2References43
EUVD
EUVD
added 2026/02/27 9:30 a.m.7 views

EUVD-2025-208125

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References5
NVD
NVD
added 2026/02/27 7:17 a.m.18 views

CVE-2025-12981

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS0.00574EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 6:43 a.m.30 views

CVE-2025-12981

Summary of CVE-2025-12981 (Listee

9.8CVSS5.4AI score0.00574EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 6:43 a.m.6 views

CVE-2025-12981 Listee <= 1.1.6 - Unauthenticated Privilege Escalation

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 6:43 a.m.24 views

CVE-2025-12981 Listee <= 1.1.6 - Unauthenticated Privilege Escalation

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS0.00574EPSS
Exploits0References4
Rows per page
Query Builder