Lucene search
K

54144 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-11781

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS0.00189EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41255

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 6 days ago16 views

CVE-2026-11965

The CVE-2026-11965 entry affects the WordPress plugin User Registration & Membership prior to version 5.2.0. The underlying issue is that the plugin does not enforce payment completion before activating a paid membership subscription, enabling unauthenticated users (after self-registering via the...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41254

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

0.00189EPSS
Exploits0References1
CVE
CVE
added 6 days ago16 views

CVE-2026-11781

The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-11600 Envo's Templates & Widgets for Elementor and WooCommerce <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget 'templates' Setting

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS0.00223EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41244

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
CVE
CVE
added 6 days ago12 views

CVE-2026-11600

The CVE-2026-11600 entry concerns Envo’s Templates & Widgets for Elementor and WooCommerce (WordPress). Affected: Tabs and Off Canvas widgets up to version 1.4.26. Root cause: the Tabs widget render() passes a user-controlled template/post ID to Elementor’s get_builder_content_for_display() witho...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41241

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-50280

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55289

Name of the Vulnerable Software and Affected Versions Cockpit CMS versions prior to 364 Description Unauthenticated attackers can read arbitrary files or execute PHP files due to a path traversal and local file inclusion issue. The application fails to perform containment checks when constructing...

8.2CVSS6.1AI score0.0042EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55309

Name of the Vulnerable Software and Affected Versions react-native-receive-sharing-intent affected versions not specified Description A path traversal issue exists where a co-resident malicious application can write files outside the intended cache directory. This occurs when a crafted display na...

7.7CVSS6.1AI score0.00138EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55447

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.3 Description A stored Cross-Site Scripting XSS issue exists where the inline query parameter on the browsable-share file download and authenticated user file download endpoints suppresses the Content-Disposition:...

3.7CVSS5.9AI score0.00028EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

0.00289EPSS
Exploits0References2
CVE
CVE
added 6 days ago19 views

CVE-2026-38969

CVE-2026-38969 affects WEBrick (Ruby) up to v1.9.2. The flaw arises when WEBrick re-parses the trailer Content-Length, placing it into the canonical request state and enabling request smuggling. Documented impact includes potential bypass of security controls and information injection if exposed ...

7.5CVSS5.8AI score0.00289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-57963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This...

6.5CVSS6.1AI score0.00181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-57204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can...

6.9CVSS5.9AI score0.00206EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open...

7.1CVSS6AI score0.00137EPSS
Exploits0References3
Rows per page
Query Builder