Lucene search
K

591 matches found

EUVD
EUVD
added 2026/02/04 9:42 p.m.4 views

EUVD-2026-5329

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZEDFETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...

6.5CVSS5.4AI score0.00394EPSS
Exploits0References1
CVE
CVE
added 2026/02/04 9:42 p.m.38 views

CVE-2026-25540

Mastodon prior to versions 4.3.19, 4.4.13, and 4.5.6 is vulnerable to web cache poisoning in Rails.cache when AUTHORIZED_FETCH is enabled. The ActivityPub endpoints for pinned posts and featured hashtags cache responses that depend on the signer’s account, but the internal cache reuse does not re...

6.5CVSS5.4AI score0.00394EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.11 views

PT-2026-6319

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.3.19 Mastodon versions prior to 4.4.13 Mastodon versions prior to 4.5.6 Description Mastodon, a free, open-source social network server based on ActivityPub, contains a flaw related to web cache poisoning. When the...

6.5CVSS5.4AI score0.00394EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/02 1:12 a.m.8 views

WordPress Featured Image from URL (FIFU) plugin <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' vulnerability

Authenticated Contributor+ Server-Side Request Forgery via 'fifuinputurl' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Featured Image from URL versions = 5.3.1...

4.3CVSS5.9AI score0.00221EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.12 views

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.7 views

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.4 views

CVE-2026-24535 WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS5.9AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:28 p.m.1 views

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS5.9AI score0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/23 2:28 p.m.27 views

CVE-2026-24535 WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:28 p.m.15 views

CVE-2026-24535

CVE-2026-24535 affects the WordPress plugin Automatic Featured Images from Videos up to version 1.2.7) or applying vendor mitigation. Connected material notes the vulnerable plugin, the affected version range, and that public advisories converge on updating beyond 1.2.7; exploitation status and i...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

WordPress plugin: Automatic Featured Images from Videos security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.8 views

PT-2026-4383

Name of the Vulnerable Software and Affected Versions Automatic Featured Images from Videos versions through 1.2.7 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations Update Automatic Featured Images from...

5.3AI score0.00201EPSS
Exploits0References3
NVD
NVD
added 2026/01/17 3:16 a.m.9 views

CVE-2025-12002

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...

5.9CVSS0.00384EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/01/17 2:22 a.m.5 views

CVE-2025-12002

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...

5.9CVSS5.6AI score0.00384EPSS
Exploits0References8
EUVD
EUVD
added 2026/01/17 2:22 a.m.10 views

EUVD-2026-3158

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...

5.9CVSS5.6AI score0.00384EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.6 views

PT-2026-3336

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby check wp submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it...

5.9CVSS6.1AI score0.00384EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

WordPress plugin Featured Image from URL 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

4.3CVSS6.8AI score0.00221EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:51 p.m.17 views

CVE-2014-4163

Multiple cross-site request forgery CSRF vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the 1 buried or 2 featured status of a comment via a request to wp-admin/admin-ajax.php...

6.8CVSS7.6AI score0.02315EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.5 views

CVE-2020-10243

An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype...

9.8CVSS7.7AI score0.02042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.13 views

CVE-2020-10131

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter...

9.8CVSS7.1AI score0.01276EPSS
Exploits0References1
Rows per page
Query Builder