Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/02/27 9:1 p.m.2 views

CVE-2026-28352 Indico missing access check in event series management API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

6.5CVSS5.9AI score0.00264EPSS
Exploits0References2
CVE
CVE
added 2025/11/25 7:28 a.m.20 views

CVE-2025-13414

CVE-2025-13414 affects the Chamber Dashboard Business Directory plugin for WordPress. The vulnerability arises from a missing capability check on the export function (cdash_watch_for_export), enabling unauthenticated attackers to export sensitive business-directory data. All versions up to and in...

5.3CVSS5AI score0.0024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.11 views

CVE-2023-24385

Auth. author+ Stored Cross-Site Scripting XSS vulnerability in David Lingren Media Library Assistant plugin = 3.11 versions...

5.9CVSS5.6AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:46 a.m.17 views

CVE-2023-3124

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...

8.8CVSS6.5AI score0.2272EPSS
Exploits2References1
OSV
OSV
added 2025/02/14 3:9 p.m.6 views

SUSE-SU-2025:0551-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Other fixes: - Update to version 3.11.11. - Remove -IVendor/ from python-config. bsc1231795...

6.3CVSS7.6AI score0.01499EPSS
Exploits0References5
CNVD
CNVD
added 2018/09/11 12:0 a.m.4 views

WESEEK GROWI Cross-Site Scripting Vulnerability

WESEEK GROWI is an open source team collaboration software developed by WESEEK Japan. The software features asset management, quick search and member management. A cross-site scripting vulnerability exists in WESEEK GROWI 3.1.11 and earlier versions, which can be exploited by remote attackers to...

4.8CVSS4.8AI score0.00667EPSS
Exploits0References1
Rows per page
Query Builder