265 matches found

NVD
added 2026/02/07 10:16 p.m., 7 views

CVE-2026-25564

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

CVSS 7.5, EPSS 0.0028
Exploits 0, References 3

Positive Technologies
added 2026/01/28 12:0 a.m., 9 views

PT-2026-5078

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...

CVSS 5.3, AI score 6, EPSS 0.00232
Exploits 0, References 4

Cvelist
added 2026/01/24 8:26 a.m., 34 views

CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

CVSS 4.3, EPSS 0.00107
Exploits 0, References 2

Tenable Nessus
added 2026/01/24 12:0 a.m., 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: curl (UTSA-2026-004937)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004937 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl...

CVSS 4.3, AI score 5.7, EPSS 0.00373
Exploits 1, References 4

CNNVD
added 2026/01/21 12:0 a.m., 5 views

WordPress Plugin Academy LMS – WordPress LMS Plugin for a Complete eLearning Solution Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 9.8, AI score 5.8, EPSS 0.00354
Exploits 1, References 3

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : nodejs:14 (AXSA:2022-3839:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3839:01 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212); nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

CVSS 8.1, AI score 8.4, EPSS 0.77278
Exploits 3, References 6

Positive Technologies
added 2026/01/20 12:0 a.m., 4 views

PT-2026-3750

Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.53.3; Fleet versions 4.53.3 through 4.75.2; Fleet versions 4.75.2 through 4.76.2; Fleet versions 4.76.2 through 4.77.1; Fleet versions 4.77.1 through 4.78.3. Description: A critical authentication issue exists in Fleet Devi...

CVSS 9.8, AI score 5.7, EPSS 0.00226
Exploits 0, References 97

Tenable Nessus
added 2026/01/16 12:0 a.m., 7 views

MiracleLinux 7 : tomcat-7.0.76-9.el7 (AXSA:2019-4053:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4053:02 advisory. tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304); tomcat: Late...

CVSS 9.8, AI score 7.7, EPSS 0.21979
Exploits 2, References 5

NVD
added 2026/01/09 8:15 a.m., 6 views

CVE-2025-13935

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

CVSS 4.3, EPSS 0.00202
Exploits 0, References 2

RedHat Linux
added 2026/01/05 9:25 p.m., 6 views

perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS

A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verify_SSL missing when using the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...

CVSS 8.1, AI score 7.3, EPSS 0.01561
Exploits 1, References 4

CNNVD
added 2025/12/30 12:0 a.m., 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not verifying the existence of a device altmode partner, which could result in a null pointer dereference...

AI score 6.1, EPSS 0.00173
Exploits 0, References 8

RedhatCVE
added 2025/12/19 5:30 a.m., 9 views

CVE-2025-47387

Memory Corruption when processing IOCTLs for JPEG data without verification...

CVSS 7.8, AI score 7, EPSS 0.00085
Exploits 0, References 1

OpenVAS
added 2025/12/19 12:0 a.m., 9 views

Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Linux

Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 6.3, AI score 6.5, EPSS 0.00743
Exploits 1, References 2

NVD
added 2025/12/18 6:15 a.m., 4 views

CVE-2025-47387

Memory Corruption when processing IOCTLs for JPEG data without verification...

CVSS 7.8, EPSS 0.00085
Exploits 0, References 1

EUVD
added 2025/12/18 5:29 a.m., 3 views

EUVD-2025-204023

Memory Corruption when processing IOCTLs for JPEG data without verification...

CVSS 7.8, AI score 6.5, EPSS 0.00085
Exploits 0, References 2

Vulnrichment
added 2025/12/08 12:0 a.m., 3 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

AI score 7, EPSS 0.00613
Exploits 1, References 1

Cvelist
added 2025/11/20 12:17 p.m., 6 views

CVE-2025-40604

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

EPSS 0.00168
Exploits 0, References 1

EUVD
added 2025/11/19 5:26 p.m., 7 views

EUVD-2025-198232

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

CVSS 8.1, AI score 6.1, EPSS 0.00289
Exploits 1, References 2

CVE
added 2025/11/19 5:26 p.m., 24 views

CVE-2025-65033

Rallly prior to 4.5.4 contains an authorization flaw in the poll management feature: polls are identified only by pollId, and ownership is not verified. This allows any authenticated user to pause or resume any poll, compromising integrity and availability. The issue has been patched in version 4...

CVSS 8.1, AI score 6.3, EPSS 0.00289
Exploits 1, References 2, Affected Software 1

NVD
added 2025/11/07 8:15 a.m., 4 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, EPSS 0.00373
Exploits 1, References 5