6 matches found

Veracode
added 2026/05/16 5:30 a.m., 6 views

Improper Access Control

github.com/free5gc/udr is vulnerable to Improper Access Control. The vulnerability is due to improper request handling in the Traffic Influence Subscription deletion endpoint, which allows an attacker to bypass validation and delete arbitrary subscriptions despite receiving a misleading 404...

8.7 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/04/16 9:54 p.m., 4 views

CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7 CVSS, 5.9 AI score, 0.00493 EPSS
Exploits: 1, References: 1
Patchstack
added 2026/03/11 9:59 a.m., 4 views

WordPress MC4WP: Mailchimp for WordPress plugin <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin MC4WP versions <= 4.11.1...

6.5 CVSS, 5.8 AI score, 0.00265 EPSS
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/12/19 1:9 p.m., 5 views

CVE-2025-13110

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woofaddsubscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...

4.3 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 1
NVD
added 2025/12/18 1:15 p.m., 5 views

CVE-2025-13110

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woofaddsubscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...

4.3 CVSS, 0.003 EPSS
Exploits: 0, References: 3
WPVulnDB
added 2023/11/24 12:0 a.m., 8 views

WooCommerce Subscription < 4.6.0 - Cross-Site Request Forgery

Description: The WooCommerce Subscription for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and not including, 4.6.0. This is due to missing or incorrect nonce validation when suspending or canceling subscriptions. This makes it possible for unauthenticated attackers to...

6.8 AI score
Exploits: 0, References: 1, Affected Software: 1