
10 matches found

Patchstack
added 2026/06/11 12:6 p.m., 13 views

WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability

Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...

CVSS 5.3 | AI score 5.5 | EPSS 0.0027
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/03/26 9:17 p.m., 5 views

CVE-2026-3525

Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...

CVSS 5.3 | EPSS 0.00187
Exploits: 0 | References: 1

Cvelist
added 2025/12/19 4:24 p.m., 28 views

CVE-2025-58052 Galette has groups managers access control bypass on Members

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

CVSS 5.3 | EPSS 0.00271
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/19 3:10 p.m., 3 views

CVE-2025-53922 Galette has access control bypass

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

CVSS 5.3 | AI score 6.3 | EPSS 0.00202
Exploits: 0 | References: 1

Cvelist
added 2025/11/04 8:40 p.m., 8 views

CVE-2025-48076 Galette is vulnerable to Cross-site Scripting

Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...

CVSS 5.3 | EPSS 0.00164
Exploits: 0 | References: 1

CNNVD
added 2025/08/14 12:0 a.m., 2 views

WordPress plugin Button Block cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Button Block 1.2.0 and prior...

CVSS 4.3 | AI score 6.7 | EPSS 0.00135
Exploits: 0 | References: 1

CNNVD
added 2025/02/28 12:0 a.m., 8 views

PwnDoc security vulnerability

PwnDoc is a penetration test report generator from PwnDoc open source. A security vulnerability exists in PwnDoc versions prior to 1.2.0 that stems from a path traversal in the backup recovery feature that could lead to remote code execution...

CVSS 6.5 | AI score 7.7 | EPSS 0.01934
Exploits: 1 | References: 5

CNNVD
added 2024/06/29 12:0 a.m., 4 views

NewPass Security Vulnerabilities

NewPass is a secure password management application by gero personal developer. Designed to generate and store strong passwords locally on a user's device. A security vulnerability exists in versions prior to NewPass 1.2.0. An attacker exploiting the vulnerability could gain access to sensitive...

CVSS 3.5 | AI score 6.8 | EPSS 0.0019
Exploits: 0 | References: 3

ATTACKERKB
added 2022/09/26 5:0 a.m., 6 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

CVSS 9.8 | AI score 6.8 | EPSS 0.01893
Exploits: 1 | References: 12

CNVD
added 2016/08/11 12:0 a.m., 3 views

Python priority denial of service vulnerability

Python is a suite of open source, object-oriented programming languages from the Python Software Foundation. json is one of the modules that provides a lightweight format for exchanging data. priority is one of the modules used to implement ordering. A denial of service vulnerability exists in...

CVSS 7.5 | AI score 8.1 | EPSS 0.01792
Exploits: 0 | References: 1