6 matches found
CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...
CVE-2020-36926
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique...
PT-2025-47284
Name of the Vulnerable Software and Affected Versions: Live sales notification for WooCommerce plugin for WordPress versions prior to 2.3.39. Description: The Live sales notification for WooCommerce plugin for WordPress is affected by a missing authorization issue. The getOrders function does not ha...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper neutralization of HTML tags in users' first names. An attacker can create and send phishing emails from the affected instance's email address by injecting malicious HTML content. Details...
Zammad Security Vulnerability
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.2.0 that stems from an attacker's ability to trigger a phishing link in a generated notification email via a carefully crafted first or last name...
SAP NetWeaver Web Dynpro Information Disclosure
Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure; Versions Affected: SAP NetWeaver 6.4 - 7.5; Vendor URL: http://SAP.com; Bugs: Information disclosure Enumerate users; Sent: 2016-12-15; Reported: 2016-12-15; Date of Public Advisory: 09.02.2016; Reference: SAP Security Note 23445...