Lucene search
K

19 matches found

Cvelist
Cvelist
added 2026/06/15 8:19 p.m.26 views

CVE-2026-52703 WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Unauthenticated Path Traversal in FastDup = 2.7.2 versions...

9.6CVSS0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 4:51 p.m.16 views

EUVD-2026-33702

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

6.5CVSS5.7AI score0.00358EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:51 p.m.26 views

CVE-2026-45275

CVE-2026-45275 affects Nextcloud with the Approval app prior to version 2.7.2. A privilege-escalation flaw allows a user who lacks sharing permissions to trigger the system to share a file with approvers, resulting in an authorization bypass and potential unauthorized distribution of restricted f...

6.5CVSS5.7AI score0.00358EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/10 8:16 p.m.5 views

CVE-2026-40184

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...

5.3CVSS0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 7:40 p.m.22 views

CVE-2026-40185

CVE-2026-40185 concerns TREK, a collaborative travel planner. It identifies missing authorization checks on the Immich trip photo management routes before version 2.7.2, which could allow unauthorized access to trip photos. The issue is addressed in TREK 2.7.2. The CVSS metrics indicate a high-se...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.2 views

CVE-2025-13520 MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update

The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...

4.3CVSS4.9AI score0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/24 1:10 p.m.29 views

CVE-2025-68575 WordPress Wappointment plugin <= 2.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through = 2.7.6...

5.3CVSS0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/05 1:11 a.m.11 views

CVE-2025-46556

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters due to a lack of server-side validation of note length. Once such a note is added,...

7.5CVSS6.7AI score0.00375EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 10:15 a.m.7 views

CVE-2025-10016

The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...

8.8CVSS5.8AI score0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/16 10:3 a.m.2 views

CVE-2025-10016 Local Privilege Escalation in Sparkle Autoupdate Daemon

The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...

8.8CVSS6.7AI score0.00194EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/16 10:3 a.m.9 views

CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...

4.8CVSS0.00129EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 12:0 a.m.3 views

CVE-2025-52322

An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF PGW-C, using the IP address of a legitimate UE in the PDN Address Allocation PAA field...

6.2AI score0.00502EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/08/09 11:12 a.m.7 views

WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin myCred versions = 2.7.2...

5.3CVSS7AI score0.00265EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/07/20 9:15 a.m.2 views

CVE-2024-37947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2...

4.8CVSS5.8AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.5 views

WordPress plugin Login/Signup Popup ( Inline Form + Woocommerce) security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

8.8CVSS6.6AI score0.01507EPSS
Exploits0References4
OSV
OSV
added 2024/01/19 9:15 p.m.2 views

UBUNTU-CVE-2024-22421

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...

6.5CVSS6.8AI score0.00665EPSS
Exploits0References4
PyPA
PyPA
added 2023/10/14 10:15 a.m.5 views

PYSEC-2023-203

Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...

6.5CVSS6.6AI score0.01433EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/07/09 12:0 a.m.3 views

Rukovoditel 跨站脚本漏洞

Rukovoditel is a free web-based open source project management application. A stored cross-site scripting vulnerability exists in the "Entity List" feature in Rukovoditel version 2.7.2, which can be exploited to execute arbitrary web script or HTML via the 'Name' parameter...

5.4CVSS5.5AI score0.01339EPSS
Exploits1References2
CNVD
CNVD
added 2019/07/26 12:0 a.m.4 views

MCPP Heap Buffer Overflow Vulnerability

MCPP is an open source C/C ++ preprocessor. A buffer overflow vulnerability exists in the 'domsg' function of the support.c file in MCPP version 2.7.2. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting...

5.5CVSS7.4AI score0.01569EPSS
Exploits1References1
Rows per page
Query Builder