Lucene search
+L

271 matches found

fedora
fedora
added 4 days ago6 views

[SECURITY] Fedora 43 Update: libssh2-1.11.1-9.fc43

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

9.2CVSS7.1AI score0.00732EPSS
Exploits11
euvd
euvd
added 5 days ago5 views

EUVD-2026-43144

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS6.2AI score0.00353EPSS
Exploits0References10
cvelist
cvelist
added last week30 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS0.00312EPSS
Exploits0References5
osv
osv
added last week3 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS6.1AI score0.00312EPSS
Exploits0References7
nvd
nvd
added 2026/07/02 10:16 a.m.10 views

CVE-2026-12122

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.11 via the getsinglesymbol. This makes it possible for unauthenticated attackers to extract the full builder metadata and...

5.3CVSS0.00285EPSS
Exploits0References8
cve
cve
added 2026/07/02 8:33 a.m.15 views

CVE-2026-12122

The CVE-2026-12122 entry documents a vulnerability in the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin (versions up to and including 6.0.11). The issue is a Sensitive Information Exposure via get_single_symbol that allows unauthenticated attackers to extract full b...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References8
nvd
nvd
added 2026/06/27 8:16 a.m.16 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS0.00271EPSS
Exploits0References14
euvd
euvd
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39948

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
cve
cve
added 2026/06/27 6:50 a.m.21 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution (WordPress) up to version 5.0.4 is vulnerable to Insecure Direct Object Reference via the id parameter due to missing validation on a user‑controlled key. Authenticated attackers with subscriber+ access can read other vendors’ pro...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
github
github
added 2026/06/18 3:5 p.m.11 views

Kirby: Access to files of top-level drafts is not protected by permissions

TL;DR This vulnerability affects Kirby 5 sites that have the content.fileRedirects option enabled set to true or a custom closure as well as all Kirby 4 sites that haven't explicitly disabled this option. It was possible to access clean file URLs of top-level drafts e.g. /about-us/team.jpg withou...

6.3CVSS5.3AI score0.00312EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50725

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites with the content.fileRedirects option enabled allow unauthenticated users to access clean file URLs for files stored in top-level draft pages. The system...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References8
euvd
euvd
added 2026/06/16 4:30 a.m.12 views

EUVD-2026-37034

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS5.4AI score0.00211EPSS
Exploits0References4
nvd
nvd
added 2026/06/12 7:16 p.m.15 views

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS0.00238EPSS
Exploits0References3
euvd
euvd
added 2026/06/12 6:22 p.m.11 views

EUVD-2026-36536

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.17 views

PT-2026-48984

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.1 Description ApostropheCMS, an open-source Node.js content management system, contains a stored cross-site scripting issue. This occurs because the user display name is not properly sanitized when displaye...

5.3CVSS4.8AI score0.00286EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.18 views

PT-2026-48948

Name of the Vulnerable Software and Affected Versions Camaleon CMS version 2.9.2 Description Improper authorization in the administrator draft autosave endpoint allows a low-privileged authenticated user to overwrite a draft associated with another user's post. This is achieved by sending an...

5.1CVSS5.3AI score0.00238EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/06/06 12:0 a.m.13 views

WordPress plugin LearnPress – WordPress LMS Plugin for Create and Sell Online Courses 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.00353EPSS
Exploits0References15
cnnvd
cnnvd
added 2026/06/06 12:0 a.m.9 views

WordPress plugin Page-list 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.4AI score0.00224EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.10 views

CVE-2026-4338

The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts...

7.5CVSS5.4AI score0.0035EPSS
Exploits0References1
snyk
snyk
added 2026/05/26 11:55 p.m.9 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the pages.access permission check during the rendering process of page drafts. An attacker can gain unauthorized access to sensitive page draft content by authenticating as a user without the required permission...

6CVSS5.8AI score0.00033EPSS
Exploits0References2
Rows per page
Query Builder