Lucene search
K

20 matches found

EUVD
EUVD
added 2026/05/13 1:27 p.m.42 views

EUVD-2026-29954

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.5 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 5:5 p.m.3 views

CVE-2026-25417

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.7 views

EUVD-2026-15723

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2025/12/03 8:16 p.m.5 views

CVE-2025-66489

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...

9.9CVSS0.00804EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/03 7:44 p.m.5 views

EUVD-2025-201128

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...

9.9CVSS6.4AI score0.00804EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/03 7:44 p.m.16 views

CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...

9.9CVSS0.00804EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48991

Name of the Vulnerable Software and Affected Versions Cal.com versions prior to 5.9.8 Description Cal.com, an open-source scheduling software, has a flaw in its login credentials provider. This issue allows an attacker to bypass password verification if a TOTP Time-Based One-Time Password code is...

9.9CVSS6.9AI score0.00804EPSS
Exploits1References16
SUSE CVE
SUSE CVE
added 2025/10/17 11:22 p.m.4 views

SUSE CVE-2025-60361

radare2 v5.9.8 and before contains a memory leak in the function bochsopen...

3.3CVSS6.9AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2025/10/17 2:15 p.m.5 views

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

5.5CVSS6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/17 12:0 a.m.4 views

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

6.5AI score0.00151EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/10/17 12:0 a.m.4 views

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

5.5CVSS5.2AI score0.00151EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/10/17 12:0 a.m.5 views

CVE-2025-60361

radare2 v5.9.8 and before contains a memory leak in the function bochsopen...

3.3CVSS5.2AI score0.00149EPSS
Exploits0
EUVD
EUVD
added 2025/10/16 9:31 p.m.6 views

EUVD-2025-34833

radare2 v.5.9.8 and before contains a memory leak in the function loadrelocations...

6.3AI score0.00145EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/10/16 12:0 a.m.4 views

CVE-2025-60358

radare2 v.5.9.8 and before contains a memory leak in the function loadrelocations...

5.5CVSS5.2AI score0.00145EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.4 views

PT-2024-17728 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the...

6.4CVSS7.9AI score0.00446EPSS
Exploits0References6
OSV
OSV
added 2023/04/15 12:15 a.m.8 views

AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

9.8CVSS8AI score0.02264EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.5 views

strongSwan 信任管理问题漏洞

strongSwan is a Swiss Andreas Steffen personal developer of a Linux platform to use the open source IPsec-based VPN solution. The solution includes authentication mechanisms such as X.509 public key certificates, securely stored private keys, and smart cards. A security vulnerability exists in...

9.8CVSS8.7AI score0.02264EPSS
Exploits0References4
OSV
OSV
added 2021/11/18 3:15 p.m.5 views

CVE-2021-36908

Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...

8.8CVSS5.8AI score0.00685EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2021/01/11 12:0 a.m.11 views

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4598501)

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB4598501 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2...

6.5AI score
Exploits0
Rows per page
Query Builder