Lucene search
K

15 matches found

NVD
NVD
added yesterday4 views

CVE-2026-12418

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.7 via the 'wpuffilesdata' parameter due to missing validation on a user controll...

5.3CVSS0.00243EPSS
Exploits0References8
CVE
CVE
added yesterday9 views

CVE-2026-12418

CVE-2026-12418 describes a vulnerability in the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” (versions up to 4.3.7). An insecure direct object reference exists via the wpuf_files_data parameter due to missing validation on ...

5.3CVSS6AI score0.00243EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday25 views

CVE-2026-12418 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Modification via 'wpuf_files_data' Parameter

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.7 via the 'wpuffilesdata' parameter due to missing validation on a user controll...

5.3CVSS0.00243EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 3:16 p.m.8 views

CVE-2026-56124

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...

8.7CVSS0.00365EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53284

Name of the Vulnerable Software and Affected Versions phpUploader versions prior to 2.0.2 Description An unauthenticated information disclosure exists where remote attackers can access the full contents of the uploaded-files database table by visiting any page of the application. The index model...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/20 9:31 p.m.9 views

EUVD-2026-23941

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...

8.1CVSS5.8AI score0.01022EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.13 views

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.1CVSS5.8AI score0.01022EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-15943

Malicious code in bioql PyPI...

6.8CVSS8.8AI score0.00703EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-41231

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.01714EPSS
Exploits0References2
Redos
Redos
added 2025/08/12 12:0 a.m.4 views

ROS-20250812-05

A vulnerability in the framework that enables the development and deployment of RESTful services and RESTEasy applications is related to the insecure creation of temporary files. Exploitation of the vulnerability could allow an attacker to gain access to confidential information...

5.5CVSS6.9AI score0.00819EPSS
Exploits0
OSV
OSV
added 2025/06/06 4:15 p.m.4 views

CVE-2025-33035

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

6.5CVSS5.8AI score0.00467EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.3 views

Pallets Werkzeug 安全漏洞

Pallets Werkzeug is a WSGI web application library. A security vulnerability exists in Pallets Werkzeug versions prior to 2.2.3, which stems from the fact that the Werkzeug multipart form data parser can parse an unlimited number of files, byte sections, but each section requires CPU time to pars...

7.5CVSS6.9AI score0.0142EPSS
Exploits0References14
Cvelist
Cvelist
added 2022/06/28 5:50 p.m.29 views

CVE-2022-31068 Sensitive Data Exposure on Refused Inventory Files in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated...

5.3CVSS5.4AI score0.0085EPSS
Exploits2References2
OPENSUSE Linux
OPENSUSE Linux
added 2022/02/04 12:0 a.m.63 views

Security update for containerd, docker (moderate)

openSUSE Security Update: Security update for containerd, docker Announcement ID: openSUSE-SU-2022:0334-1 Rating: moderate References: 1191015 1191121 1191334 1191434 1193273 Cross-References: CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVSS scores: CVE-2021-41089 N...

6.3CVSS7.1AI score0.02693EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2008/07/02 12:37 p.m.5 views

Firefox javascript arbitrary code execution

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

6.8CVSS6.2AI score0.03213EPSS
Exploits1References4
Rows per page
Query Builder