Lucene search
K

4 matches found

NVD
NVD
added 2026/01/15 5:16 p.m.10 views

CVE-2026-23495

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

4.3CVSS0.00331EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/15 4:47 p.m.7 views

CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

4.3CVSS6.3AI score0.00331EPSS
Exploits1References4
Patchstack
Patchstack
added 2025/12/12 12:18 a.m.6 views

WordPress MailerLite – Signup forms (official) plugin <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by NosleeP++ in WordPress Plugin MailerLite versions = 1.7.16...

5.5CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.5 views

PT-2024-24624 · Hamid Alinia · Idehweb

Name of the Vulnerable Software and Affected Versions: Hamid Alinia – idehweb versions 1.7.16 and earlier Description: The issue is related to improper privilege management, allowing privilege escalation through the 'Login with phone number' feature. Recommendations: For versions 1.7.16 and...

8.8CVSS7.1AI score0.00461EPSS
Exploits0References3
Rows per page
Query Builder