Lucene search
+L

392 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-15539

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS0.00227EPSS
Exploits0References6
CVE
CVE
added 4 days ago11 views

CVE-2026-15539

SourceCodester Online Book Store System 1.0 is affected by a vulnerability in the Book Image Upload Feature (admin/index.php?page=books) that allows unrestricted file upload. The issue enables remote attacker manipulation leading to unrestricted upload, as disclosed publicly. No remediation detai...

5.8CVSS5.7AI score0.00227EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 6:26 p.m.8 views

GO-2026-5085 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.6AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 6:16 p.m.7 views

CVE-2026-41572

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 5:44 p.m.57 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 5:44 p.m.8 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS5.7AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 5:44 p.m.20 views

CVE-2026-41572

Note Mark (project: Note Mark) contains an authenticated/un-authenticated access flaw prior to version 0.19.3 where, after a public book is soft-deleted, notes and uploaded assets remain readable via /api/notes/{id}, /api/notes/{id}/content, the slug path, and asset endpoints. Root cause: GORM’s ...

5.3CVSS5.7AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 5:44 p.m.4 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/01 9:15 a.m.9 views

WordPress WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes plugin <= 4.6.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Books Gallery versions = 4.6.8...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/25 11:40 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNoteByID function. An attacker can access notes and assets from soft-deleted public books by directly querying endpoints with known note IDs or slug paths, even after the book has been deleted. This...

6.9CVSS5.7AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 11:40 p.m.6 views

GHSA-3GR9-485J-V4XF Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Summary After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/25 11:40 p.m.24 views

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Summary After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/24 6:16 a.m.8 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS0.00323EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:29 a.m.9 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/24 5:29 a.m.9 views

EUVD-2026-25398

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References6
CVE
CVE
added 2026/04/24 5:29 a.m.16 views

CVE-2026-5347

The HM Books Gallery WordPress plugin is affected up to version 4.8.0 by Missing Authorization to unauthenticated settings updates. The vulnerability resides in the admin_init hook that processes permalink settings updates (lines around 205–209 in wp-books-gallery.php), where the code only checks...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/24 5:29 a.m.31 views

CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS0.00323EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/24 5:29 a.m.2 views

CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.4AI score0.00323EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.13 views

PT-2026-34854

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References8
Rows per page
Query Builder