Lucene search
K

5195 matches found

Nuclei
Nuclei
added yesterday12 views

ThemeGrill Demo Importer < 1.6.2 - Database Reset

ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a resetwizardactions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state...

9.1CVSS7.1AI score0.03429EPSS
Exploits1References2
NVD
NVD
added 2026/07/08 5:16 a.m.11 views

CVE-2026-9842

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 4:30 a.m.14 views

CVE-2026-9842

The CVE-2026-9842 entry concerns the Backstage - Customizer Demo Access plugin for WordPress (up to version 1.4.2). The root cause is that the plugin assigns the manage_options capability to the backstage_customizer_user demo role, which is more permissive than required for a Demo Access/Customiz...

7.5CVSS6AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 4:30 a.m.34 views

CVE-2026-9842 Backstage <= 1.4.2 - Unauthenticated Privilege Escalation via Permissive Demo Role Capabilities

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-841 MapProxy vulnerable to cross-site scripting in demo service

MapProxy version 1.11.1 and older are vulnerable to cross-site scripting in the demo service resulting in possible information disclosure. An incomplete fix was released in v1.10.4, and a complete fix was released in v1.11.1...

6.1CVSS5.8AI score0.00776EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/28 2:31 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libsolv: libsolv-0.7.39-3.hum1 aarch64, x8664 libsolv-demo-0.7.39-3.hum1 aarch64, x8664 libsolv-devel-0.7.39-3.hum1 aarch64, x8664 libsolv-tools-0.7.39-3.hum1 aarch64, x8664...

6.5CVSS5.8AI score0.00399EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

5.3CVSS0.00272EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.7 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:4 p.m.24 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial-of-service vulnerability in POST /app/demo that lets authenticated users with org write permissions create unlimited demo apps without rate limiting or quotas. Each request can trigger around 138 database write operations, leading to degraded performance, h...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 9:4 p.m.3 views

CVE-2026-56255 Capgo - Denial of Service via Unlimited Demo App Creation

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

5.3CVSS6AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.25 views

CVE-2026-56255 Capgo - Denial of Service via Unlimited Demo App Creation

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

5.3CVSS0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 6:17 a.m.16 views

CVE-2026-4328

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wpremoteget to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in th...

6.4CVSS0.00208EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.6 views

CVE-2026-4328

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wpremoteget to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in th...

6.4CVSS6AI score0.00208EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/19 4:31 a.m.13 views

EUVD-2026-37984

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wpremoteget to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in th...

6.4CVSS6AI score0.00208EPSS
Exploits0References6
CVE
CVE
added 2026/06/19 4:31 a.m.25 views

CVE-2026-4328

The WordPress Advanced Import plugin (versions ≤ 1.4.6) is vulnerable to Server-Side Request Forgery (SSRF). In demo_download_and_unzip(), the plugin passes the user-supplied demo_file from $_POST through sanitize_text_field() and then invokes wp_remote_get() when demo_file_type is 'url', without...

6.4CVSS6AI score0.00208EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50841

Name of the Vulnerable Software and Affected Versions Advanced Import versions prior to 1.4.7 Description Server-Side Request Forgery SSRF occurs when the plugin uses the wp remote get function to fetch a user-supplied URL without validating that the destination does not point to internal or...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 1:39 p.m.12 views

Malicious code in npx-whoami-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0971bcb88de070f17d932feff04cd6e66ecc825f606b412414457a3afb4ad174 The package's only code file index.js, also registered as the package's bin entry unconditionally executes require'childprocess'.execSync"bash -c...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 7:15 p.m.28 views

Malicious code in friendly-greeter-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab72d8364f58d27c6ba37063af62500b494b2fcb8961c1a2b40ed1d2feabdcfe friendly-greeter-demo ships two independent remote-code-execution channels that activate automatically. postinstall.js runs on npm install and...

6.3AI score
Exploits0References12
OSV
OSV
added 2026/06/11 8:25 a.m.25 views

MAL-2026-5623 Malicious code in edu-npm-dependency-chain-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2a7d2f1e015cb530cbc560ff593abba9ecbdde04868643cc1f46c7c23b7252d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ossf-package-analysis...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 8:25 a.m.13 views

Malicious code in edu-npm-dependency-chain-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2a7d2f1e015cb530cbc560ff593abba9ecbdde04868643cc1f46c7c23b7252d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ossf-package-analysis...

6AI score
Exploits0References1
Rows per page
Query Builder