85 matches found

RedhatCVE
added 2026/04/02 10:53 a.m., 3 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5, AI score 6.2, EPSS 0.00015
Exploits 0, References 1

EUVD
added 2026/04/01 12:31 p.m., 0 views

EUVD-2026-17851

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5, AI score 6.2, EPSS 0.00015
Exploits 0, References 6

NVD
added 2026/04/01 10:16 a.m., 2 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5, EPSS 0.00015
Exploits 0, References 5

ATTACKERKB
added 2026/04/01 10:0 a.m., 1 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5, AI score 6.2, EPSS 0.00015
Exploits 0, References 5, Affected Software 1

Cvelist
added 2026/04/01 10:0 a.m., 26 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5, EPSS 0.00015
Exploits 0, References 5

Vulnrichment
added 2026/04/01 10:0 a.m., 0 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5, AI score 6.2, EPSS 0.00015
Exploits 0, References 5

CVE
added 2026/04/01 10:0 a.m., 4 views

CVE-2026-1879

CVE-2026-1879 affects Harvard IQSS Dataverse (up to 6.8) in the Theme Customization component, specifically the ThemeAndWidgets.xhtml file. A manipulation of the argument uploadLogo enables unrestricted file upload, enabling remote exploitation. The exploit is public, and upgrading to version 6.1...

CVSS 6.5, AI score 6.2, EPSS 0.00015
Exploits 0, References 5

Positive Technologies
added 2026/04/01 12:0 a.m., 1 views

PT-2026-29508

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVSS 6.5, AI score 5.5, EPSS 0.00015
Exploits 0, References 6

CNNVD
added 2026/04/01 12:0 a.m., 2 views

Dataverse Code Issue Vulnerability

Dataverse is an open-source research data management and sharing platform developed by the Institute for Quantitative Social Science. Versions of Dataverse 6.8 and earlier contained code vulnerabilities. These vulnerabilities stemmed from operations involving the parameter uploadLogo in the...

CVSS 6.5, AI score 6.7, EPSS 0.00015
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-14046

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.5, EPSS 0.02174
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-7179

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.4, EPSS 0.01049
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-14446

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.5, EPSS 0.00615
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-37794

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.7, EPSS 0.01327
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-6308

Malicious code in bioql PyPI...

CVSS 7.2, AI score 6.4, EPSS 0.00118
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-35765

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.06858
Exploits 0, References 1

CNVD
added 2025/07/30 12:0 a.m., 2 views

WordPress Dataverse Integration Missing Authorization Vulnerability

WordPress Dataverse Integration is a plugin mainly used to connect WordPress with Dataverse to achieve two-way data synchronization and business application integration. WordPress Dataverse Integration suffers from a lack of authorization vulnerability, which stems from a lack of authorization...

CVSS 8.8, AI score 7.1, EPSS 0.00332
Exploits 0, References 1

Patchstack
added 2025/07/28 8:49 p.m., 3 views

WordPress Dataverse Integration plugin 2.77-2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Dataverse Integration versions 2.77-2.81...

CVSS 8.8, AI score 6.7, EPSS 0.00332
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/07/26 9:34 a.m., 4 views

CVE-2025-7695

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...

CVSS 8.8, AI score 7.2, EPSS 0.00332
Exploits 0, References 1

NVD
added 2025/07/24 10:15 a.m., 2 views

CVE-2025-7695

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...

CVSS 8.8, EPSS 0.00332
Exploits 0, References 5

Vulnrichment
added 2025/07/24 9:22 a.m., 6 views

CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...

CVSS 8.8, AI score 6.5, EPSS 0.00332
Exploits 0, References 5