Lucene search
+L

84 matches found

CNNVD
CNNVD
added 2025/12/31 12:0 a.m.6 views

WordPress plugin Conformer for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/22 12:0 a.m.5 views

WordPress Grider for Elementor plugin missing license vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Grider for Elementor plugin, which can be exploited by an attacker to leverage an incorrectly configured access...

5.4CVSS6.6AI score0.00174EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/12/17 6:17 p.m.15 views

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access SMA 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-40602 CVSS score: 6.6, concerns a case of local privilege escalation that arises as a result of...

9.8CVSS8.6AI score0.23432EPSS
Exploits1
EUVD
EUVD
added 2025/12/12 5:2 a.m.8 views

EUVD-2025-203022

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

5.3CVSS6.2AI score0.00165EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 5:2 a.m.35 views

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

5.3CVSS0.00165EPSS
Exploits0References2
Redos
Redos
added 2025/12/03 12:0 a.m.22 views

ROS-20251203-10

Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...

9.1CVSS7.2AI score0.03153EPSS
Exploits4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18294

Malware in sbrugna...

10CVSS8.9AI score0.01124EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/06 9:30 p.m.7 views

EUVD-2025-32584

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS6.6AI score0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.7 views

PT-2025-40946

Name of the Vulnerable Software and Affected Versions YoSmart YoLink MQTT broker versions through 2025-10-02 Description The YoLink MQTT broker does not adequately enforce authorization controls, which can lead to cross-account attacks. An attacker who obtains device IDs can remotely operate...

4.9CVSS6.6AI score0.0027EPSS
Exploits0References7
OSV
OSV
added 2025/09/24 12:30 p.m.2 views

GHSA-2HMJ-97JW-28JH Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands

Improper permission checks in the AdminServer allow an authenticated client with insufficient privileges to invoke the snapshot and restore commands. The intended requirement is authentication and authorization on the root path / with ALL permission for these operations; however, affected version...

4.3CVSS7.1AI score0.00294EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

WordPress plugin Printcart Web to Print Product Designer for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.5AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.8 views

CVE-2025-9228

MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users...

4.3CVSS7.2AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.15 views

PT-2025-34027 · Mir · Mir

Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0 Description: MiR software versions prior to 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes intended only for administrative users...

4.3CVSS6.6AI score0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.5 views

Kubernetes 安全漏洞

Kubernetes K8s is an open source system from Kubernetes Open Source for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes that stems from insufficient authorization checking for dynamic resource allocation by the...

2.7CVSS7.8AI score0.0065EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.10 views

SAP S/4HANA 安全漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from insufficient authorization checking and could result in the deletion of attachments...

4.3CVSS6.5AI score0.00194EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.5 views

WordPress plugin Dynamic Post 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.4CVSS6.4AI score0.0042EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/08 9:31 p.m.2 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass in the authorization process. An attacker can gain limited unauthorized access by exploiting insufficient authorization checks with high privileges...

6.9CVSS6.9AI score0.00468EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/27 6:12 a.m.17 views

CVE-2024-13618

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

7.2CVSS7.3AI score0.00298EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/01/24 12:0 a.m.8 views

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a malicious individual to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to deficiencies in the authorization process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, add, or delete data...

5.5CVSS7.7AI score0.00187EPSS
Exploits0References3Affected Software1
NCSC
NCSC
added 2025/01/23 1:56 p.m.10 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is located in Cisco Meeting Management's REST API, which allows remote, authenticated attackers with low privileges to elevate their privileges to administrator level through inadequate authorization enforcement. This...

9.9CVSS6.6AI score0.01159EPSS
Exploits0References1
Rows per page
Query Builder