Lucene search
K

39 matches found

OSV
OSV
added 2026/06/18 9:49 a.m.4 views

BIT-MASTODON-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 8:18 p.m.12 views

CVE-2026-42655

CVE-2026-42655 affects the WordPress plugin “Best Payments Plugin for WP” (versions ≤ 4.6.19). The vulnerability is an unauthenticated payment bypass (unvalidated access) in the plugin, enabling bypass without credentials. CVSS‑3.1 base score 5.9 (MEDIUM) with attack vector Network, attack comple...

5.9CVSS5.2AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.10 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 1:43 p.m.11 views

CVE-2025-46371

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

3.6CVSS5.8AI score0.00067EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 1:2 p.m.19 views

CVE-2025-32747

Dell PowerFlex Manager

7.8CVSS5.8AI score0.0009EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/03/16 4:32 a.m.11 views

CVE-2026-21000

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

7CVSS5.8AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 10:16 a.m.9 views

CVE-2026-2664

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...

7.8CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.8 views

CVE-2025-69296

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through = 4.6.3...

7.1CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:32 p.m.10 views

CVE-2026-20761

CVE-2026-20761 affects EnOcean SmartServer IoT prior to 4.60.009. A remote attacker can exploit the LON IP-852 management message handling to execute arbitrary OS commands on the device. Public sources concur on this impact; no exploit details are provided in the documents. The Red Hat advisory a...

8.1CVSS5.8AI score0.00876EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/20 3:32 p.m.4 views

CVE-2026-20761 EnOcean SmartServer IoT Command Injection

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...

8.1CVSS5.8AI score0.00876EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.6 views

CVE-2026-25308

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through = 4.6.9...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/08 10:21 a.m.20 views

WordPress All-in-One Video Gallery plugin <= 4.5.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions = 4.5.7...

8.8CVSS6.8AI score0.00454EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/29 10:21 p.m.4 views

EUVD-2025-36697

Zitadel allows brute-forcing authentication factors...

7.7CVSS6.6AI score0.00353EPSS
Exploits0References3
NVD
NVD
added 2025/09/05 2:15 p.m.3 views

CVE-2025-58811

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP CodeUs Ultimate Client Dash ulimate-client-dash allows Stored XSS.This issue affects Ultimate Client Dash: from n/a through = 4.7...

5.9CVSS0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.18 views

PT-2025-36150

Name of the Vulnerable Software and Affected Versions: WP CodeUs Ultimate Client Dash versions through 4.6 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. Recommendations: Update WP CodeUs...

5.9CVSS5.5AI score0.0021EPSS
Exploits0References3
OSV
OSV
added 2025/08/06 9:22 a.m.6 views

CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

5.3CVSS5.9AI score0.00536EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/06/11 11:1 a.m.5 views

WordPress Simen theme <= 4.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Simen versions = 4.6...

8.1CVSS7AI score0.0049EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/02 1:31 p.m.6 views

CVE-2025-31613

Cross-Site Request Forgery CSRF vulnerability in Aboobacker. AB Google Map Travel ab-google-map-travel allows Cross Site Request Forgery.This issue affects AB Google Map Travel : from n/a through = 4.6...

7.1CVSS7.2AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/16 12:0 a.m.4 views

WordPress plugin 3D FlipBook, PDF Viewer, PDF Embedder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin 3D FlipBoo...

8.8CVSS8.2AI score0.01189EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.8 views

Loftware Spectrum 安全漏洞

Loftware Spectrum is an enterprise label printing solution from Loftware, a comprehensive, cloud-based label printing platform for companies of all sizes. A security vulnerability exists in Loftware Spectrum prior to version 4.6 that stems from HF14 missing authentication for critical functions...

9.8CVSS6.9AI score0.00579EPSS
Exploits0References4
Rows per page
Query Builder