CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2026/03/09 5:42 p.m.•2 views

EUVD-2026-10170

Parse Server: File metadata endpoint bypasses beforeFind / afterFind trigger authorization...

6.3CVSS5.8AI score0.00021EPSS

Exploits0References2

RedhatCVE•added 2026/03/09 8:2 a.m.•3 views

CVE-2026-30850

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

6.3CVSS5.7AI score0.00021EPSS

Exploits0References1

CVE•added 2026/03/07 4:21 p.m.•5 views

CVE-2026-30850

Parse Server contains a vulnerability where the file metadata endpoint (GET /files/:appId/metadata/:filename) bypasses beforeFind / afterFind triggers prior to versions 8.6.9 and 9.5.0-alpha.9. When these triggers act as access-control gates, the endpoint can expose file metadata without enforcin...

6.3CVSS5.7AI score0.00021EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/12/19 7:32 a.m.•1 views

CVE-2025-64188

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through = 8.6.9...

9.8CVSS7AI score0.00059EPSS

Exploits0References1

Vulnrichment•added 2025/12/18 7:22 a.m.•4 views

CVE-2025-64188 WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through = 8.6.9...

9.8CVSS6.6AI score0.00059EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-48317

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00758EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 9:29 a.m.•3 views

CVE-2024-7381

The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...

5.3CVSS7.7AI score0.00758EPSS

Exploits0References1

OSV•added 2024/09/05 11:15 a.m.•2 views

CVE-2024-7380

The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00122EPSS

Exploits0References3

CNNVD•added 2024/09/05 12:0 a.m.•2 views

WordPress plugin Geo Controller 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS7.4AI score0.00758EPSS

Exploits0References3

Positive Technologies•added 1997/01/01 12:0 a.m.•4 views

PT-1997-1095 · Sendmail · Sendmail

Name of the Vulnerable Software and Affected Versions: Sendmail version 8.6.9 Description: The issue allows remote attackers to execute root commands using ident. Recommendations: For Sendmail version 8.6.9, update to a newer version that contains a fix for this issue...

10CVSS7.1AI score0.03186EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by