Lucene search
K

9753 matches found

Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.11 views

PT-2026-5070

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the miga ajax editor cal delete function that is hooked to the miga editor cal delete AJAX action with both...

5.3CVSS6AI score0.00338EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5088

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate sso url' and 'validate sso token' functions in versions 2.4.4 to 2.5.12. This makes it...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5148

A GPU device-ID validation flaw in the flow.cuda.get device capability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

5.9AI score0.00382EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 12:0 a.m.5 views

EUVD-2025-206472

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

7.5CVSS5.9AI score0.00382EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability. This vulnerability stems from a flaw in the flow.cuda.getdevicecapability component, which lacks proper verification of GPU device IDs. This could lead to...

7.5CVSS5.8AI score0.00382EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/28 12:0 a.m.6 views

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

5.9AI score0.00382EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 12:0 a.m.5 views

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

5.9AI score0.00382EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

WordPress plugin Simple Calendar for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.3CVSS5.8AI score0.00338EPSS
Exploits0References5
OSV
OSV
added 2026/01/28 12:0 a.m.4 views

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

7.5CVSS5.4AI score0.00382EPSS
Exploits1References4
NVD
NVD
added 2026/01/27 7:16 a.m.8 views

CVE-2025-14971

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

5.3CVSS0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/27 6:44 a.m.4 views

CVE-2025-14971 Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 6:44 a.m.23 views

CVE-2025-14971

CVE-2025-14971 applies to the WordPress plugin Link Invoice Payment for WooCommerce (versions up to 2.8.0). The vulnerability is an unauthorized data modification flaw caused by a missing capability check on createPartialPayment and cancelPartialPayment, enabling unauthenticated attackers to crea...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:44 a.m.5 views

CVE-2025-14971

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-4856

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References4
OSV
OSV
added 2026/01/26 2:49 p.m.4 views

BIT-MOODLE-2025-3636 Moodle: idor in moodle rss block allows unauthorized access to rss feeds

A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References4
OSV
OSV
added 2026/01/26 2:49 p.m.4 views

BIT-MOODLE-2025-32045 Moodle: hidden grades shown to users without permission on some grade reports

A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/25 9:10 p.m.15 views

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS5.5AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.11 views

CVE-2025-14629

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.11 views

CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

6.4CVSS5.8AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.9 views

CVE-2025-15516

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder