11 matches found
CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
Lovable VDP: Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription
A business logic vulnerability was identified that allowed users on a free plan to generate an invitation link that assigned the "Read Access" role, which was intended to be restricted to users with a Pro Plan subscription. The vulnerability was triggered by manipulating the invitation creation...
EUVD-2014-1647
Malware in sbrugna...
CVE-2025-55736
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their role to "admin", gaining the associated privileges, e.g. deleting users, posts, comments, etc. The problem is in the routes/adminPanelUsers file...
CVE-2021-24464
The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2024-10275
In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...
CVE-2024-10275
CVE-2024-10275 affects lunary-ai/lunary (v1.5.5). Multiple connected sources confirm an improper privilege management flaw where admins can grant billing permissions to existing users, enabling privilege escalation to access billing resources and bypass RBAC. Root cause: admins without direct bil...
CVE-2019-6637
On BIG-IP ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on...
PT-2018-7165 · Foreman · Foreman +1
Name of the Vulnerable Software and Affected Versions: Foreman's katello plugin version 3.4.5. Description: A flaw was found in Foreman's katello plugin. The issue occurs when a new role is set to allow restricted access on a repository with a filter, specifically a filter set on the Product Name...
CVE-2011-1046
IBM FileNet P8 Content Engine aka P8CE 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager CM and FileNet P8 Business Process Manager BPM, does not require the PRIVILEGEDWRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged...