
813 matches found

CVE
added yesterday | 10 views

CVE-2026-11398

The CVE concerns LatePoint for WordPress, affecting all versions up to 5.6.1. It allows unauthenticated users to bypass authorization and modify PII (first name, last name, phone, notes) of any customer record by submitting a booking form with a known email when guest bookings are enabled (is_cus...

5.3 CVSS | 6 AI score
Exploits: 0 | References: 10
ATTACKERKB
added yesterday | 5 views

CVE-2026-11398

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3 CVSS | 6 AI score
Exploits: 0 | References: 11
EUVD
added yesterday | 5 views

EUVD-2026-41524

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3 CVSS | 6 AI score
Exploits: 0 | References: 10
ATTACKERKB
added yesterday | 5 views

CVE-2026-9180

The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.4.4. This is due to the POST /motopress/appointment/v1/bookings REST endpoint being registered with 'permission_callback' = '__return_true',...

5.3 CVSS | 5.7 AI score
Exploits: 0 | References: 7
CVE
added 3 days ago | 5 views

CVE-2026-12113

The WordPress plugin Appointment Booking Calendar (versions

4.3 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 0 | References: 8
Cvelist
added 2026/06/18 6:50 a.m. | 34 views

CVE-2026-12111 Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3 CVSS | 0.00285 EPSS
Exploits: 0 | References: 10
NVD
added 2026/06/10 3:16 p.m. | 12 views

CVE-2026-53469

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1 CVSS | 0.00288 EPSS
Exploits: 0 | References: 3
HackRead
added 2026/06/10 3:16 p.m. | 5 views

ServiceNow Discloses Security Incident Exposing Customer Data

ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct support cases...

5.4 AI score
Exploits: 0
Vulnrichment
added 2026/06/10 1:55 p.m. | 7 views

CVE-2026-53469 Migration-planner: unprotected delete endpoint wipes all tenant data

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1 CVSS | 5.5 AI score | 0.00288 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/06/10 12:00 a.m. | 9 views

Migration Planner UI Access Control Error Vulnerability

The Migration Planner UI is an open-source migration planning frontend tool developed by KubeV2V. The Migration Planner UI has an access control vulnerability. This vulnerability stems from the lack of proper authorization and filtering in the /api/v1/sources route, which may allow authenticated...

9.1 CVSS | 5.3 AI score | 0.00288 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/10 12:00 a.m. | 18 views

PT-2026-48443

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1 CVSS | 5.5 AI score | 0.00288 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/06/05 7:51 p.m. | 8 views

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

7.5 CVSS | 5.5 AI score | 0.00404 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:45 p.m. | 9 views

CVE-2026-4106

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

5.3 CVSS | 5.5 AI score | 0.00742 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/06/05 7:26 p.m. | 9 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1 CVSS | 5.5 AI score | 0.00249 EPSS
Exploits: 0 | References: 1
NVD
added 2026/06/01 4:16 a.m. | 11 views

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7 CVSS | 0.00198 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/06/01 3:33 a.m. | 13 views

EUVD-2026-33551

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/01 3:33 a.m. | 37 views

CVE-2026-48189 Bypass DedicatedAgentToCustomerGroups Setting

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7 CVSS | 0.00198 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/01 3:33 a.m. | 10 views

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/06/01 12:00 a.m. | 10 views

OTRS Security Vulnerability

OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X up to version 2026.4.X. These vulnerabilities stem from improper input validation in the client backend module, which may allow access to...

5.7 CVSS | 5.3 AI score | 0.00198 EPSS
Exploits: 0 | References: 1
Wired Threat Level
added 2026/05/28 10:00 a.m. | 10 views

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams...

5.8 AI score
Exploits: 0