Lucene search
K

435 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007033)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007033 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset...

5.5CVSS5.6AI score0.00118EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.2 views

CVE-2026-4162

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 12:31 p.m.3 views

EUVD-2026-21356

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 1:24 a.m.27 views

CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS0.00408EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006780)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006780 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't fail inserts if duplicate has expired nftables selftests fail:...

6.2CVSS5.8AI score0.00203EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 5:36 p.m.18 views

CVE-2026-39331 ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1CVSS0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 5:36 p.m.4 views

EUVD-2026-19826

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1CVSS6AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 5:36 p.m.2 views

CVE-2026-39331 ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1CVSS6AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 5:36 p.m.37 views

CVE-2026-39331

ChurchCRM prior to 7.1.0 has an API authorization bypass: an authenticated API user can modify any family’s state by altering the {familyId} in requests to /family/{familyId}/verify, /family/{familyId}/verify/url, /family/{familyId}/verify/now, /family/{familyId}/activate/{status}, and /family/{f...

8.1CVSS6AI score0.00214EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/25 11:16 a.m.5 views

UBUNTU-CVE-2026-23385

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFPKERNEL which results in a WARN splat: iter.err WARNING: net/netfilter/nftablesapi.c:845 at...

5.5CVSS5.7AI score0.00135EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

Admidio 跨站请求伪造漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions 5.0.0 to 5.0.6 of Admidio have a cross-site request forgeing vulnerability. This...

5.7CVSS5.7AI score0.0013EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/03/16 9:29 p.m.10 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Authenticated Subscriber+ License Deactivation via deactivatelicense vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions = 9.1.9...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.3 views

PT-2026-26171

Summary The delete, activate, and deactivate modes in modules/groups-roles/groups roles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF token to callUrlHideElement, which includes it in the POST body, but the...

5.7CVSS6AI score0.0013EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.12 views

PT-2026-20278

Name of the Vulnerable Software and Affected Versions Slider Future versions up to and including 1.0.5 Description The Slider Future plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the slider future handle image upload function. This...

9.8CVSS6AI score0.03177EPSS
Exploits2References9
Github Security Blog
Github Security Blog
added 2026/02/10 12:22 a.m.11 views

FroshAdminer Adminer UI is accessible without admin session

Summary Unauthenticated access to Adminer UI Details The Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with authrequired=false and performed no session validation, exposing the Adminer UI to unauthenticated users. Note: Database access...

6.9CVSS5.5AI score0.00362EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/05 9:15 a.m.8 views

CVE-2025-13416

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/05 8:25 a.m.5 views

CVE-2025-13416

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/05 8:25 a.m.6 views

EUVD-2025-206868

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.14 views

PT-2026-5876

Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to unauthorized user suspension. This occurs because of a missing capability chec...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/02/03 9:19 a.m.9 views

WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() vulnerability

Authenticated Admin+ SQL Injection via wpjobportaldeactivate vulnerability discovered by WordFence in WordPress Plugin WP Job Portal versions = 2.2.2...

4.9CVSS5.7AI score0.00451EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder