Lucene search
+L

150 matches found

attackerkb
attackerkb
added 2026/07/05 1:0 p.m.6 views

CVE-2026-14750

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
cve
cve
added 2026/07/05 1:0 p.m.9 views

CVE-2026-14750

The CVE-2026-14750 entry concerns mjperpinosa stumasy with a SQL injection in the function Notes_controller::accessing_dictionary_authorization (file application/PHP/objects/notes/accessing_dictionary_authorization.php). Manipulating the Password argument enables a remote attacker to leverage SQL...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
euvd
euvd
added 2026/05/29 6:36 p.m.12 views

EUVD-2026-33419

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References4
ncsc
ncsc
added 2026/05/12 5:53 p.m.14 views

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in various Developer Tools. A malicious individual could exploit these vulnerabilities to carry out attacks that can cause the following types of damage: - Denial-of-Service DoS attacks - Bypass of security measures - Execution of arbitrary code user rights...

10CVSS6.2AI score0.0243EPSS
Exploits0
cnnvd
cnnvd
added 2026/03/26 12:0 a.m.8 views

HiJiffy Chatbot 安全漏洞

HiJiffy Chatbot is a customer communication and automated response system for the hospitality industry developed by HiJiffy. There is a security vulnerability in HiJiffy Chatbot, which stems from improper authorization. This vulnerability could allow attackers to download private messages from...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/05 5:54 a.m.5 views

CVE-2026-28135

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through = 1.7.1049...

5.9AI score0.00229EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 9:4 a.m.5 views

CVE-2024-39625

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24...

5.3CVSS7AI score0.0035EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/07 5:33 p.m.5 views

CVE-2025-58243

Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through = 3.4.0...

5.3CVSS7AI score0.00241EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-52403

Malicious code in bioql PyPI...

4.3CVSS9AI score0.00429EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/08/22 8:31 a.m.11 views

CVE-2025-49406

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1...

8.5CVSS5.1AI score0.00315EPSS
Exploits0References1
nvd
nvd
added 2025/06/06 1:15 p.m.7 views

CVE-2025-30934

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...

5.3CVSS0.00257EPSS
Exploits0References1
nvd
nvd
added 2025/05/23 1:15 p.m.7 views

CVE-2025-47558

Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...

7.5CVSS0.00365EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:16 a.m.10 views

CVE-2024-53708

Missing Authorization vulnerability in kekotron AI Quiz ai-quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through = 1.1...

5.3CVSS7.2AI score0.0053EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/16 3:45 p.m.20 views

CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through = 2.3.7...

5.3CVSS0.00282EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/05/07 2:19 p.m.8 views

CVE-2025-47457 WordPress LocateAndFilter plugin <= 1.6.16 - Broken Access Control Vulnerability

Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LocateAndFilter: from n/a through = 1.6.16...

5.3CVSS7.2AI score0.0029EPSS
Exploits0References1
nvd
nvd
added 2025/04/16 1:15 p.m.10 views

CVE-2025-39513

Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ActiveDEMAND: from n/a through = 0.2.46...

5.3CVSS0.00508EPSS
Exploits0References1
nvd
nvd
added 2025/04/15 12:15 p.m.24 views

CVE-2025-26958

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through = 2.4.3...

7.5CVSS0.00323EPSS
Exploits0References1
cvelist
cvelist
added 2025/04/15 11:59 a.m.21 views

CVE-2025-26944 WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through = 2.0.11...

7.5CVSS0.00323EPSS
Exploits0References1
cve
cve
added 2025/04/15 11:59 a.m.63 views

CVE-2025-26958

CVE-2025-26958 affects the WordPress Crocoblock JetBlog (JetBlog for Elementor) up to version 2.4.3. The issue is a Missing Authorization vulnerability that permits accessing functionality not properly constrained by ACLs. Reported across multiple sources (including Patchstack and CVE registries)...

7.5CVSS7.2AI score0.00323EPSS
Exploits0References1
cve
cve
added 2025/04/15 11:59 a.m.61 views

CVE-2025-26942

CVE-2025-26942 (JetTricks plugin) : Affected Product/Version: Crocoblock JetTricks plugin up to and including 1.5.1. Root cause: Missing/relaxed authorization enabling Accessing Functionality Not Properly Constrained by ACLs. Impact: Missing Authorization vulnerability could allow unauthorized ac...

7.5CVSS7.2AI score0.00323EPSS
Exploits0References1
Rows per page
Query Builder