Lucene search
K

274 matches found

Nuclei
Nuclei
added 2 days ago43 views

ZenML ZenML Server - Improper Authentication

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. id: CVE-2024-25723 info:...

8.8CVSS6.8AI score0.70581EPSS
Exploits1References5
NVD
NVD
added 6 days ago8 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
CVE
CVE
added 6 days ago13 views

CVE-2026-4275

CVE-2026-4275 affects the Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress up to version 4.2.3. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw arising from using __return_true as the permission_callback for the /install_plugin and /activate_plugin REST...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References9
NVD
NVD
added 2026/07/08 6:16 a.m.10 views

CVE-2026-12153

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activat...

9.8CVSS0.00364EPSS
Exploits0References5
NVD
NVD
added 2026/06/27 8:16 a.m.11 views

CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.37 views

CVE-2026-12471 Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53055

Name of the Vulnerable Software and Affected Versions Spexo theme for WordPress versions prior to 2.0.12 Description Unauthorized access is possible due to a missing capability check in the activate plugin function. This allows authenticated users with Subscriber-level permissions or higher to...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References10
NVD
NVD
added 2026/06/26 9:16 a.m.10 views

CVE-2026-1869

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 11:50 p.m.31 views

CVE-2026-5818 MCU Firmware Update Authentication Bypass on Caliptra Core

Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...

7.2CVSS0.00155EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 11:50 p.m.3 views

CVE-2026-5818 MCU Firmware Update Authentication Bypass on Caliptra Core

Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...

7.2CVSS5.9AI score0.00155EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 11:50 p.m.19 views

CVE-2026-5818

The CVE-2026-5818 entry concerns the Caliptra Core Runtime Firmware and describes an incorrect return-value check in ActivateFirmwareCmd::activate_fw modules, which allows bypassing the Core’s verification of MCU firmware during a hitless update. Affected versions are Core Runtime Firmware 2.0.0 ...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51609

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description An incorrect check of a function return value within the ActivateFirmwareCmd::activate fw modules allows the bypass of the...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2026/06/10 12:0 a.m.3 views

The vulnerability of the nft_map_catchall_activate() function in the nf_tables component of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the nftmapcatchallactivate function in the nftables component of the Linux kernel lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8CVSS7.2AI score0.00344EPSS
Exploits7References20Affected Software5
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 1:16 p.m.13 views

CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS0.00143EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:16 p.m.10 views

UBUNTU-CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 12:6 p.m.46 views

CVE-2026-8078 Fix stored XSS in global settings change log

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:6 p.m.13 views

EUVD-2026-35052

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 12:6 p.m.10 views

CVE-2026-8078 Fix stored XSS in global settings change log

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
Rows per page
Query Builder