Lucene search
K

9745 matches found

EUVD
EUVD
added 2026/01/31 4:35 a.m.6 views

EUVD-2026-5082

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/01/31 2:16 a.m.3 views

CVE-2025-15510

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/31 1:23 a.m.5 views

CVE-2025-15510

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/31 1:23 a.m.9 views

EUVD-2025-206597

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/31 1:23 a.m.32 views

CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS0.00285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/31 12:0 a.m.9 views

PT-2026-5500

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5 Export Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.5 views

EulerOS Virtualization 2.10.1 : libcap (EulerOS-SA-2026-1126)

According to the versions of the libcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The PAM module pamcap.so of libcap configuration supports group names starting with @, during actual parsing, configurations not...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/29 3:18 p.m.12 views

CVE-2025-15511

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.8 views

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

7.5CVSS5.9AI score0.00459EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.9 views

TeamViewer DEX Client 安全漏洞

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...

7.1CVSS5.8AI score0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 6:16 p.m.3 views

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

7.5CVSS5.4AI score
Exploits0References3
Snyk
Snyk
added 2026/01/28 5:47 p.m.5 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via improper validation in the flow.cuda.getdevicecapability function. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted device ID. Remediation Ther...

8.7CVSS5.5AI score0.00459EPSS
Exploits1References2
NVD
NVD
added 2026/01/28 12:15 p.m.6 views

CVE-2026-1280

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS0.00292EPSS
Exploits0References3
NVD
NVD
added 2026/01/28 12:15 p.m.5 views

CVE-2025-14386

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

8.8CVSS0.00372EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/28 11:23 a.m.10 views

EUVD-2026-4892

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:23 a.m.3 views

CVE-2026-1280

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/28 11:23 a.m.5 views

EUVD-2025-206508

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 11:23 a.m.22 views

CVE-2025-14386

The CVE-2025-14386 entry concerns the WordPress plugin “Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization” (versions 2.4.4–2.5.12). Connected sources confirm a missing capability check in generate_sso_url and validate_sso_token, enabling authentication...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:23 a.m.6 views

CVE-2025-14386

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:27 a.m.4 views

CVE-2026-1054

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...

5.3CVSS6AI score0.00232EPSS
Exploits0References4
Rows per page
Query Builder