Lucene search
+L

2374 matches found

nuclei
nuclei
added 12 hours ago14 views

Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7AI score0.00528EPSS
Exploits1References2
nvd
nvd
added 13 hours ago6 views

CVE-2026-15727

The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS
Exploits0References10
cvelist
cvelist
added 13 hours ago12 views

CVE-2026-15727 WP Bulk Delete <= 1.4.2 - Authenticated (Administrator+) SQL Injection via 'delete_user_roles' Parameter

The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS
Exploits0References10
cve
cve
added yesterday8 views

CVE-2026-45533

DataEase prior to 2.10.23 contains a path traversal vulnerability in the export-center bulk delete API. Maliciously crafted identifiers can be passed to ExportCenterManage.delete using sequences like ../, enabling recursive deletion of arbitrary server directories during export task cleanup. Impa...

8.3CVSS6.2AI score0.00024EPSS
Exploits0References3
nvd
nvd
added yesterday7 views

CVE-2026-56699

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS
Exploits0References2
cvelist
cvelist
added yesterday32 views

CVE-2026-56699 Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS
Exploits0References2
euvd
euvd
added yesterday5 views

EUVD-2026-44630

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS6.2AI score
Exploits0References2
nvd
nvd
added 3 days ago4 views

CVE-2026-61952

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS0.00193EPSS
Exploits0References1
cve
cve
added 3 days ago9 views

CVE-2026-61952

Summary: CVE-2026-61952 affects the WordPress WooCommerce plugin “WooCommerce Bulk Edit Products – WP Sheet Editor” (versions up to and including 1.8.21). The issue is a broken access control due to missing authorization, enabling exploitation through insecure access control configurations. Affec...

4.9CVSS6.1AI score0.00193EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago30 views

CVE-2026-61952 WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS0.00193EPSS
Exploits0References1
nvd
nvd
added 6 days ago4 views

CVE-2026-55460

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with deleteuser=1 because BulkUsersController::destroy authorizes only update, allowing the user to...

7.1CVSS0.00285EPSS
Exploits1References3
cvelist
cvelist
added 6 days ago32 views

CVE-2026-55460 Snipe-IT: Authorization bypass on bulk editing users

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with deleteuser=1 because BulkUsersController::destroy authorizes only update, allowing the user to...

7.1CVSS0.00285EPSS
Exploits1References3
osv
osv
added 6 days ago4 views

CVE-2026-55460 Snipe-IT: Authorization bypass on bulk editing users

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with deleteuser=1 because BulkUsersController::destroy authorizes only update, allowing the user to...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References5
cve
cve
added 6 days ago6 views

CVE-2026-55460

CVE-2026-55460 affects Snipe-IT (IT asset/license management system). Before version 8.6.2, an authenticated non-admin user who had rights users.view and users.edit but not users.delete could directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorized onl...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References3Affected Software1
nvd
nvd
added 6 days ago6 views

CVE-2026-22660

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS0.00328EPSS
Exploits0References3
cvelist
cvelist
added 6 days ago36 views

CVE-2026-22660 FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS0.00328EPSS
Exploits0References3
euvd
euvd
added 6 days ago6 views

EUVD-2026-42877

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS6AI score0.00328EPSS
Exploits0References3
vulnrichment
vulnrichment
added 6 days ago6 views

CVE-2026-22660 FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS6AI score0.00328EPSS
Exploits0References3
cve
cve
added 6 days ago10 views

CVE-2026-22660

FlaskBB

8.6CVSS6AI score0.00328EPSS
Exploits0References3
osv
osv
added 6 days ago2 views

CVE-2026-22660 FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS6AI score0.00328EPSS
Exploits0References6
Rows per page
Query Builder