1392 matches found

RedhatCVE
added 2026/02/20 7:22 a.m. | 7 views

CVE-2025-13438

The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 5.3 | EPSS 0.00173
Exploits 0 | References 1
RedhatCVE
added 2026/02/19 1:28 p.m. | 7 views

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

CVSS 5.3 | AI score 5.7 | EPSS 0.00345
Exploits 0 | References 1
OSV
added 2026/02/18 6:24 p.m. | 4 views

DEBIAN-CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

CVSS 8.8 | AI score 9.3 | EPSS 0.0079
Exploits 1 | References 1
NVD
added 2026/02/18 6:24 p.m. | 8 views

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

CVSS 10 | EPSS 0.0079
Exploits 1 | References 5
UbuntuCve
added 2026/02/18 6:24 p.m. | 6 views

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

CVSS 10 | AI score 7.5 | EPSS 0.0079
Exploits 1 | References 5
NVD
added 2026/02/18 6:16 a.m. | 8 views

CVE-2026-1072

The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin settings. This makes it possible for unauthenticated attackers to update the Keybase verification...

CVSS 4.3 | EPSS 0.00156
Exploits 0 | References 4
Vulnrichment
added 2026/02/18 5:29 a.m. | 6 views

CVE-2026-1072 Keybase.io Verification <= 1.4.5 - Cross-Site Request Forgery to Settings Update

The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin settings. This makes it possible for unauthenticated attackers to update the Keybase verification...

CVSS 4.3 | AI score 5.3 | EPSS 0.00156
Exploits 0 | References 4
ATTACKERKB
added 2026/02/18 5:29 a.m. | 3 views

CVE-2026-2023

The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...

CVSS 4.3 | AI score 5.4 | EPSS 0.00156
Exploits 0 | References 6
CVE
added 2026/02/18 4:35 a.m. | 11 views

CVE-2025-12071

CVE-2025-12071 — WordPress Frontend User Notes plugin vulnerable to Insecure Direct Object Reference. The flaw affects versions up to 2.1.0 and stems from missing validation on a user-controlled key in the funp_ajax_modify_notes endpoint, enabling authenticated attackers with Subscriber-level acc...

CVSS 4.3 | AI score 5.7 | EPSS 0.00158
Exploits 0 | References 2
CNNVD
added 2026/02/18 12:00 a.m. | 6 views

WordPress plugin Frontend User Notes Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.8 | EPSS 0.00158
Exploits 0 | References 2
NVD
added 2026/02/16 9:22 p.m. | 4 views

CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

CVSS 7.5 | EPSS 0.00295
Exploits 0 | References 2
OSV
added 2026/02/16 4:03 p.m. | 3 views

BIT-POSTGRESQL-2026-2006 PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

CVSS 8.8 | AI score 6.4 | EPSS 0.01079
Exploits 0 | References 2
CVE
added 2026/02/14 6:42 a.m. | 16 views

CVE-2026-1394

The CVE-2026-1394 entry concerns the WordPress plugin WP Quick Contact Us. Public details in the initial description state a Cross-Site Request Forgery vulnerability in versions up to 1.0 due to missing nonce validation on the settings update function, enabling unauthenticated attackers to trigge...

CVSS 4.3 | AI score 5.4 | EPSS 0.00153
Exploits 0 | References 3
CNNVD
added 2026/02/14 12:00 a.m. | 6 views

WordPress plugin Media Library Folders Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 4.3 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 2
Github Security Blog
added 2026/02/12 10:06 p.m. | 9 views

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...

CVSS 8.8 | AI score 6.9 | EPSS 0.004
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2026/02/12 1:43 p.m. | 7 views

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVSS 4.3 | AI score 5.4 | EPSS 0.0016
Exploits 0 | References 1
RedhatCVE
added 2026/02/12 1:04 a.m. | 10 views

CVE-2025-65127

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get" operations, attackers can obtain device...

CVSS 6.5 | AI score 5.6 | EPSS 0.00324
Exploits 0 | References 1
CNNVD
added 2026/02/12 12:00 a.m. | 6 views

yoke Code Injection Vulnerability

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...

CVSS 8.8 | AI score 6.2 | EPSS 0.004
Exploits 1 | References 1
CVE
added 2026/02/12 12:00 a.m. | 6 views

CVE-2025-56647

Affected product: npm @farmfe/core

CVSS 6.5 | AI score 5.6 | EPSS 0.00191
Exploits 0 | References 3
NVD
added 2026/02/11 3:16 p.m. | 10 views

CVE-2026-2345

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVSS 3.6 | EPSS 0.00064
Exploits 0 | References 1