Lucene search
K

435 matches found

CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.1CVSS5.8AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21034

Name of the Vulnerable Software and Affected Versions staviravn AIO WP Builder versions through 2.0.2 Description An authorization issue exists in staviravn AIO WP Builder all-in-one-wp-builder, allowing exploitation of incorrectly configured access control security levels. Recommendations Update...

5.3AI score0.00204EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.5 views

CVE-2026-25409 WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through = 1.1.1...

5.5AI score0.00185EPSS
Exploits0References1
Redos
Redos
added 2026/02/02 12:0 a.m.6 views

ROS-20260202-73-0015

Vulnerability in kernel-lt related to insufficient control of the resource during its existence. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS5.5AI score0.00155EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:28 p.m.1 views

CVE-2026-24556

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through = 2.3.2...

5.3CVSS5.9AI score0.00214EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 2:28 p.m.11 views

CVE-2026-24522

CVE-2026-24522 describes a Missing Authorization (broken access control) vulnerability in MyThemeShop WP Subscribe (wp-subscribe), affecting WP Subscribe versions up to 1.2.16. The CVSS 3.1 base score is 4.3 (Medium) with network attack, low exploit complexity, and low confidentiality impact. The...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.7 views

PT-2026-4391

Name of the Vulnerable Software and Affected Versions HD Quiz versions through 2.0.9 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations Update HD Quiz to a versio...

5.2AI score0.00197EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.2 views

CVE-2025-67920 WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through 1.2...

8.1CVSS6.7AI score0.00412EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.3 views

Asseco InfoMedica 安全漏洞

Asseco InfoMedica is a comprehensive medical information management system from Asseco Poland. A security vulnerability exists in Asseco InfoMedica version 4.50.1 and prior to version 5.38.0, which stems from insufficient access control granularity and could lead to the acquisition of coded...

5.1CVSS6.2AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.5 views

PT-2026-1648

Name of the Vulnerable Software and Affected Versions Crocoblock JetEngine versions through 3.8.1.1 Description A missing authorization issue exists in Crocoblock JetEngine, allowing exploitation of incorrectly configured access control security levels. The issue concerns insufficient authorizati...

4.3CVSS6.5AI score0.00162EPSS
Exploits0References3
NVD
NVD
added 2025/12/31 5:15 p.m.7 views

CVE-2025-66159

Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through = 1.1.6...

5.4CVSS0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.8 views

PT-2025-54459

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.23.0 Description RAGFlow is a Retrieval-Augmented Generation engine susceptible to arbitrary system command execution. A low-privileged authenticated user can execute commands on the server host process through the...

9.4CVSS7.3AI score0.00473EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/30 3:47 p.m.5 views

Security Bulletin: IBM i is affected by exposure of sensitive information and improper access control vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2025-53066, CVE-2025-53057]

Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to unauthorized access to data by using APIs in the JAXP component CVE-2025-53066 and creation, deletion or modification access to data by...

7.5CVSS6.2AI score0.00633EPSS
Exploits0Affected Software5
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.3 views

WordPress plugin FiveStar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS5.8AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2025/12/25 5:16 a.m.11 views

CVE-2025-66378

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node...

7.5CVSS0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/24 3:30 p.m.4 views

EUVD-2025-205266

Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through = 1.2.38...

8.8CVSS6.5AI score0.00253EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/18 12:40 p.m.4 views

CVE-2025-14095

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

8.4CVSS6.6AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:30 a.m.4 views

EUVD-2025-204120

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Pinevale pinevale allows PHP Local File Inclusion.This issue affects Pinevale: from n/a through = 1.0.14...

8.1CVSS6.6AI score0.00415EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:16 a.m.4 views

CVE-2025-64209

Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through 4.8.122...

7.5CVSS0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/17 11:45 a.m.2 views

CVE-2025-14095 Privilege boundary violation in Radiometer Products

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

6.8CVSS6.2AI score0.00143EPSS
Exploits0References1
Rows per page
Query Builder