Lucene search
K

33524 matches found

nvd
nvd
added 5 days ago10 views

CVE-2026-3688

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...

8.1CVSS0.00223EPSS
Exploits0References2
euvd
euvd
added 5 days ago6 views

EUVD-2026-42220

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...

8.1CVSS5.9AI score0.00223EPSS
Exploits0References2
cvelist
cvelist
added 5 days ago33 views

CVE-2026-3688 WCFM - WooCommerce Multivendor Membership <= 2.11.10 - Insecure Direct Object Reference to Limited Privilege Escalation via User Role Overwrite

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...

8.1CVSS0.00223EPSS
Exploits0References2
cve
cve
added 5 days ago10 views

CVE-2026-3688

The CVE concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. Affected: all versions up to 2.11.10. Root cause: the wcfmvm_membership_change AJAX action does not validate a user’s permission to modify other users, enabling an authenticated vendor...

8.1CVSS5.9AI score0.00223EPSS
Exploits0References2
redhat
redhat
added 5 days ago7 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.1AI score0.00132EPSS
Exploits0References7
redhatcve
redhatcve
added 5 days ago5 views

CVE-2026-60002

A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability. Mitigation To mitigate this...

9.4CVSS6AI score0.00263EPSS
Exploits0References6
nvd
nvd
added 5 days ago8 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS0.00263EPSS
Exploits0References3
alpinelinux
alpinelinux
added 5 days ago4 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6AI score0.00263EPSS
Exploits0References3
cvelist
cvelist
added 5 days ago129 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

7.7CVSS0.00263EPSS
Exploits0References3
nessus
nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-60002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re- exchange. This outcome occurs only on the client side...

9.4CVSS6.2AI score0.00263EPSS
Exploits0References4
cve
cve
added 5 days ago6 views

CVE-2026-39179

SOGo

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
cvelist
cvelist
added 5 days ago29 views

CVE-2026-39179

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

0.00157EPSS
Exploits0References2
ptsecurity
ptsecurity
added 5 days ago9 views

PT-2026-56496

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.6.4 Description The protobufjs Text Format extension parses string-keyed map entries using ordinary property assignment. This allows a map entry with the key proto to modify the prototype of the returned map...

4.8CVSS6.1AI score0.00221EPSS
Exploits0References9
osv
osv
added 6 days ago3 views

PYSEC-2026-1147 Apache Airflow Fab Provider Insufficient Session Expiration vulnerability

Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...

2.1CVSS5.9AI score0.00936EPSS
Exploits0References6
github
github
added 6 days ago5 views

New API is vulnerable to CSRF through user email binding

Summary The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References3Affected Software1
redhat
redhat
added 6 days ago6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.1AI score0.00132EPSS
Exploits0References7
redhat
redhat
added 6 days ago4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.1AI score0.00132EPSS
Exploits0References7
redhat
redhat
added 6 days ago3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS6.9AI score0.0014EPSS
Exploits0References7
redhat
redhat
added 6 days ago5 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.1AI score0.00132EPSS
Exploits0References7
cvelist
cvelist
added last week33 views

CVE-2026-42331 FOSSBilling missing authorization in guest Invoice API endpoints

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS0.00247EPSS
Exploits0References1
Rows per page
Query Builder