Lucene search
K

380 matches found

Nuclei
Nuclei
added yesterday11 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS5.8AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday11 views

RestroPress 3.0.0-3.2.1 - Authentication Bypass

RestroPress Online Food Ordering System WordPress plugin 3.0.0 to 3.1.9.2 contains an authentication bypass caused by exposure of user private tokens and API data via /wp-json/wp/v2/users endpoint, letting unauthenticated attackers forge JWT tokens and authenticate as other users including...

9.8CVSS7.3AI score0.02196EPSS
Exploits6References2
CVE
CVE
added last week16 views

CVE-2026-12417

The CVE-2026-12417 issue affects the WordPress SignUp & SignIn plugin (versions ≤ 1.0.0). The vulnerability arises in the pravel_change_password() AJAX handler, exposed via wp_ajax_nopriv_pravel_change_password, which performs no nonce verification, no capability check, and uses only a loose equa...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References4
NVD
NVD
added 2026/06/20 7:16 p.m.11 views

CVE-2026-56345

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS0.00295EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.8 views

EUVD-2026-38132

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS6AI score0.00295EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 6:27 p.m.22 views

CVE-2026-56345

AVideo 29.0 contains an authorization bypass via the Meet plugin's uploadRecordedVideo.json.php endpoint. The vulnerability derives the target users_id from the uploaded filename without verification, allowing a crafted file (e.g., filename like 1-anything.mp4) to trigger passwordless User-&gt;lo...

9.2CVSS6AI score0.00295EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:34 a.m.8 views

EUVD-2026-38097

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS6AI score0.00625EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:41 a.m.7 views

CVE-2026-54414

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:41 a.m.32 views

CVE-2026-54414 FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS0.0072EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 5:41 a.m.17 views

CVE-2026-54414

CVE-2026-54414 affects FileRise prior to 3.16.0. The vulnerability is a path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php) that enables arbitrary file write and, under certain conditions, administrator account takeover. Root cause: uploaded filenames are va...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/15 4:39 p.m.16 views

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...

8.8CVSS6AI score0.00633EPSS
Exploits4
NVD
NVD
added 2026/06/09 6:17 p.m.11 views

CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS0.00358EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.47 views

📄 WordPress Burst Statistics 3.4.1.1 Authentication Bypass

WordPress Burst Statistics plugin versions 3.4.0 through 3.4.1.1 authentication bypass to administrative takeover exploitation framework. ================================================================================================================================== | Title : WordPress 3.4.1.1...

9.8CVSS5.4AI score0.14608EPSS
Exploits10
NVD
NVD
added 2026/06/05 9:16 p.m.12 views

CVE-2026-11423

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

9.4CVSS0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-41873

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8CVSS5.4AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.8 views

CVE-2026-39960

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS5.7AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5200

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS5.5AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 6:31 p.m.10 views

EUVD-2026-34888

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS5.7AI score0.00393EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:31 p.m.6 views

CVE-2026-10580

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...

9.8CVSS5.4AI score0.02841EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:31 p.m.5 views

CVE-2026-5415

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS5.7AI score0.00393EPSS
Exploits1References3
Rows per page
Query Builder