Lucene search
K

5 matches found

CVE
CVE
added 2026/05/28 4:25 p.m.27 views

CVE-2026-9095

Casdoor CVE-2026-9095 affects versions 2.362.0 and earlier. The ParseSamlResponse() in object/saml_sp.go maps retrieved SAML assertions directly to user sessions without replay protection, lacking an assertion ID cache, OneTimeUse enforcement, or replay detection in the SAML SP code path. This en...

8.1CVSS5.9AI score0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/01 4:27 a.m.12 views

CVE-2025-5949 Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

8.8CVSS0.00342EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.25 views

CVE-2025-55296

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS = 25.6.0 in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template...

5.5CVSS5.1AI score0.00817EPSS
Exploits1References1
NVD
NVD
added 2025/08/18 6:15 p.m.7 views

CVE-2025-55296

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS = 25.6.0 in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template...

5.5CVSS0.00817EPSS
Exploits1References2
OSV
OSV
added 2022/01/10 4:15 p.m.3 views

CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a...

9.8CVSS5.9AI score0.06745EPSS
Exploits2References2
Rows per page
Query Builder