Lucene search
K

87 matches found

Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-14482 多说社会化评论框 <= 1.2 - Unauthenticated Privilege Escalation via api.php 'option'/'value' Parameters

The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an...

8.8CVSS0.00318EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42162

The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an...

8.8CVSS6AI score0.00318EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 3:32 p.m.8 views

EUVD-2026-39656

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:17 p.m.8 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

5.3CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.43 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:38 p.m.6 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:38 p.m.21 views

CVE-2026-57924

CVE-2026-57924 affects JetBrains YouTrack prior to version 2026.2.16593, where a default role configuration exposed excessive user profile details. The root cause is not fully described beyond this exposure, but the impact implies potential disclosure of user profile information to unauthorized u...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52704

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38664

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8CVSS5.8AI score0.00463EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/18 3:41 a.m.23 views

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

8.8CVSS0.00387EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 3:41 a.m.11 views

EUVD-2026-37836

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

8.8CVSS5.3AI score0.00387EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40888

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 p.m.10 views

CVE-2019-25738

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS0.00347EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/15 8:59 p.m.45 views

CVE-2026-44567 Open WebUI: Open WebUI Improper Authorization Control

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS0.0023EPSS
Exploits1References1
NVD
NVD
added 2026/04/21 8:17 p.m.7 views

CVE-2026-40888

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 7:28 p.m.3 views

CVE-2026-40888 Frappe HR vulnerable to Improper Access Control

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 7:28 p.m.37 views

CVE-2026-40888 Frappe HR vulnerable to Improper Access Control

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS0.00232EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 7:28 p.m.6 views

EUVD-2026-24276

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 7:28 p.m.14 views

CVE-2026-40888

CVE-2026-40888 affects Frappe HR (HRMS). Before versions 15.58.1 and 16.4.1, an authenticated user with the default role can access unauthorized information via a vulnerable API endpoint. The issue is resolved in 15.58.1 and 16.4.1, which contain the patch. No workarounds are provided. An authent...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Frappe HR 访问控制错误漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.58.1 and 16.4.1 contained a security vulnerability related to access control. This vulnerability allowed authenticated users with the default role to access certain API endpoints,...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References1
Rows per page
Query Builder