Lucene search
+L

70 matches found

NVD
NVD
added 2026/07/11 5:16 a.m.9 views

CVE-2026-13116

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00223EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/19 4:31 a.m.14 views

EUVD-2026-37988

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an...

5.3CVSS6AI score0.00385EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.12 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.6AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 a.m.13 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS0.003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:26 a.m.9 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 1:26 a.m.19 views

EUVD-2026-34190

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 1:26 a.m.27 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is affected up to version 4.71 by an access control flaw in view_file that allows unauthenticated attackers to read file metadata and obtain download links for files stored in project folders. The authorization gate uses a negated nonce check...

7.5CVSS5.9AI score0.003EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/04 1:26 a.m.10 views

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

WordPress plugin SP Project & Document Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.5AI score0.003EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.12 views

FileBrowser 安全漏洞

FileBrowser is a web-based file browser developed by Seagate as open source software. It provides an interface for managing files within specified directories, allowing actions such as uploading, deleting, previewing, renaming, and editing files. It supports multiple users, with each user having...

7.1CVSS5.8AI score0.00307EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 2:25 p.m.7 views

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/28 2:25 p.m.32 views

CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS0.00247EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-32793

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00391EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/08/13 3:33 p.m.3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01454EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/08/13 3:25 p.m.2 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01454EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/08/12 12:47 a.m.14 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01454EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/08/05 3:40 a.m.3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01454EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/07/23 5:34 a.m.6 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01454EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/07/21 8:18 a.m.2 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01454EPSS
Exploits4References8
NVD
NVD
added 2025/05/02 9:15 p.m.35 views

CVE-2025-0782

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
Rows per page
Query Builder