Lucene search
K

1778 matches found

CVE
CVE
added 4 days ago12 views

CVE-2026-56240

Capgo vulnerable before version 12.128.12. The billing authorization bypass results from a flaw in the plan_valid calculation, allowing organizations with exhausted or expired usage credits to bypass billing gates and keep access to /updates, /stats, /channel_self, and attachment upload endpoints...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-56240 Capgo - Billing Authorization Bypass via Exhausted Usage Credits

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-56240 Capgo - Billing Authorization Bypass via Exhausted Usage Credits

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-7559 Affilia <= 3.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Status Modification

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00304EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/07/07 10:18 p.m.4 views

CVE-2026-59704 Cap - Missing Access Control in Video AI Metadata Endpoint

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

AutoGPT 安全漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Versions of AutoGPT prior to 0.6.59 contained a security vulnerability. This vulnerability stemmed from the POST /api/blocks/blockid/execute endpoint, which allowed unlimited free execution...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:17 p.m.16 views

CVE-2026-46080

In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2dioendiowrite ocfs2markextentwritten ocfs2changeextentflag ocfs2splitexte...

5.5CVSS0.00123EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: The use of smbdirectsocketrecvio.credits.available has been corrected. The logic for managing recv credits by counting posted recvio and granted credits is flawed. This is because the peer might have already consumed...

4.7CVSS5.6AI score0.00088EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: Introduced smbdirectsocketrecvio.credits.available. The logic for managing recv credits by counting posted recvio and granted credits is flawed. This is because the peer might have already consumed a credit...

7.5CVSS5.7AI score0.00426EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The use of smbdirectsocket.sendio.bcredits has been addressed. It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immediate empty send. To fix this issue, we wi...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 a.m.10 views

EUVD-2026-29403

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 9:16 a.m.16 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.41 views

CVE-2026-6256 Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.8 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.7 views

CVE-2026-6256 Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 7:48 a.m.15 views

CVE-2026-6256

CVE-2026-6256 affects the WordPress plugin Credits Shortcode (versions

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-39958

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

WordPress plugin Credits Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.13 views

CVE-2026-42193

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS5.7AI score0.00127EPSS
Exploits0References1
Rows per page
Query Builder