Lucene search
K

859 matches found

EUVD
EUVD
added 2026/03/02 11:22 p.m.5 views

EUVD-2026-9269

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS6AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/03/02 11:22 p.m.16 views

CVE-2026-1566

The CVE affects LatePoint

8.8CVSS6AI score0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/02 11:22 p.m.5 views

CVE-2026-1566

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS6AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/02 11:22 p.m.26 views

CVE-2026-1566 LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.11 views

PT-2026-22706

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS6AI score0.003EPSS
Exploits0References3
CVE
CVE
added 2026/02/15 3:29 p.m.17 views

CVE-2026-26367

Affected product : eNet SMART HOME server versions 2.2.1 and 2.3.1. Vulnerability : missing authorization in the deleteUserAccount JSON-RPC method, allowing any authenticated low-privilege user (UG_USER) to delete arbitrary user accounts (excluding built-in admin). Impact : potential for unauthor...

8.1CVSS5.8AI score0.00373EPSS
Exploits2References2Affected Software1
Zero Science Lab
Zero Science Lab
added 2026/02/14 12:0 a.m.127 views

eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion

Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...

8.1CVSS6AI score0.00373EPSS
Exploits2
NVD
NVD
added 2026/02/12 2:15 a.m.11 views

CVE-2026-1729

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...

9.8CVSS0.00581EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.4 views

CVE-2026-2095

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user...

9.8CVSS5.8AI score0.00507EPSS
Exploits0References1
NVD
NVD
added 2026/02/08 2:15 a.m.8 views

CVE-2025-15027

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jayloginregisterajaxcreatefinaluser' function. This makes it possible for...

9.8CVSS0.00412EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/08 1:22 a.m.3 views

CVE-2025-15100

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jaypanelajaxupdateprofile' function. This makes it possible for authenticated...

8.8CVSS5.5AI score0.0031EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/08 1:22 a.m.3 views

CVE-2025-15100 JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jaypanelajaxupdateprofile' function. This makes it possible for authenticated...

8.8CVSS5.7AI score0.0031EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/08 1:22 a.m.4 views

CVE-2025-15027 JAY Login & Register <= 2.6.03 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jayloginregisterajaxcreatefinaluser' function. This makes it possible for...

9.8CVSS5.7AI score0.00412EPSS
Exploits0References2
CVE
CVE
added 2026/02/08 1:22 a.m.30 views

CVE-2025-15027

The CVE pertains to the JAY Login & Register WordPress plugin, where unauthenticated users can escalate to administrator by exploiting a function that updates arbitrary user meta (jay_login_register_ajax_create_final_user). Affected versions are up to 2.6.03 (and PTSecurity notes versions prior t...

9.8CVSS5.5AI score0.00412EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.8 views

PT-2026-5989

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level...

5.5AI score0.00187EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2026/02/02 8:26 p.m.6 views

USN-7999-1: Filelock vulnerabilities

It was discovered that Filelock incorrectly handled symlinks in temp files. A local attacker could possibly use this issue to cause lock operations to fail or behave unexpectedly. CVE-2026-22701 It was discovered that the file locking implementation in the Filelock package contained a race...

6.5CVSS5.5AI score0.00184EPSS
Exploits1
CVE
CVE
added 2026/02/02 6:0 a.m.52 views

CVE-2025-15030

CVE-2025-15030 affects the WordPress plugin User Profile Builder up to version 3.15.2. The vulnerability arises from an improper password reset flow, allowing unauthenticated actors to reset any user’s password by supplying a username (e.g., administrator) and a crafted request; no valid reset to...

9.8CVSS5.9AI score0.00487EPSS
In wildExploits1References1
Patchstack
Patchstack
added 2026/01/30 5:6 a.m.8 views

WordPress Paid Memberships Pro plugin < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure vulnerability

Contributor+ Arbitrary User Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Paid Memberships Pro versions 2.12.9...

4.3CVSS5.9AI score0.00548EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 6:19 a.m.12 views

WordPress New User Approve plugin <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure vulnerability

Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure vulnerability discovered by Deadbee - NA in WordPress Plugin New User Approve versions = 3.2.2...

7.3CVSS5.9AI score0.00323EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.9 views

CVE-2021-41129

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a confirmationtoken input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can...

8.1CVSS6.9AI score0.01696EPSS
Exploits0References1
Rows per page
Query Builder