Lucene search
+L

56 matches found

cve
cve
added 3 days ago12 views

CVE-2026-11964

Affected software: User Registration & Membership WordPress plugin (prior to 5.2.2). Vulnerability: The plugin does not verify the authenticity of incoming payment-provider webhook notifications, enabling unauthenticated attackers to forge a payment-approved event. Impact: This can activate a pai...

9.1CVSS6.1AI score0.00261EPSS
Exploits0References1
cve
cve
added 2026/06/30 8:34 p.m.19 views

CVE-2025-12530

IBM watsonx.data intelligence CVE-2025-12530 affects 5.2.2, 5.3.0, 5.3.1, and 5.3.1 through patch-1, where data is transmitted in clear text, enabling potential MITM access to sensitive information. The connected sources provide the affected versions and the clear-text transmission root cause; no...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/06/26 3:32 p.m.7 views

EUVD-2026-39782

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References2
cve
cve
added 2026/06/26 2:52 p.m.16 views

CVE-2026-52701

CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions

6.5CVSS5.8AI score0.00194EPSS
Exploits0References1
euvd
euvd
added 2026/06/16 9:0 a.m.9 views

EUVD-2026-37044

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS5.2AI score0.00142EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/16 9:0 a.m.28 views

CVE-2026-39437 WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS0.00142EPSS
Exploits0References1
cve
cve
added 2026/05/28 1:12 p.m.24 views

CVE-2026-8980

The CVE-2026-8980 entry concerns the Mennekes Amtron series with firmware versions ≤ 5.22.3. Affected component: firmware handling privilege levels. The vulnerability allows an authenticated low-privileged user to escalate privileges by issuing crafted POST requests to change passwords for admin ...

10CVSS5.8AI score0.00331EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in golang-github-golang-jwt-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/18 1:36 a.m.34 views

CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5CVSS0.00575EPSS
Exploits1References3
cve
cve
added 2026/04/18 1:36 a.m.25 views

CVE-2026-40491

CVE-2026-40491 affects the gdown library (Python) prior to 5.2.2. A path traversal flaw in the extractall function fails to sanitize archive member filenames, allowing files to be written outside the destination directory and potentially enabling arbitrary file overwrite and Remote Code Execution...

7.8CVSS5.9AI score0.00575EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/03/31 10:52 p.m.4 views

GHSA-677C-XV24-CRGX baserCMS is Vulnerable to Cross-site Scripting

baserCMS has DOM-based cross-site scripting in tag creation. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious JavaScript may be executed when creating a tag. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...

7.1CVSS7AI score0.00258EPSS
Exploits0References5
osv
osv
added 2026/03/31 10:43 p.m.3 views

GHSA-6HPG-8RX3-CWGV baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

9.2CVSS7.1AI score0.02059EPSS
Exploits0References5
github
github
added 2026/03/31 10:43 p.m.7 views

baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

9.8CVSS7.1AI score0.02059EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/03/18 6:31 p.m.4 views

EUVD-2026-12914

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...

8.2CVSS5.8AI score0.00618EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2026/03/18 6:16 p.m.6 views

CVE-2026-26740

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...

8.2CVSS5.9AI score0.00618EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.10 views

chi 安全漏洞

Chi is a routing tool developed by Go-Chi. Versions of Chi 5.2.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the RedirectSlashes function, which had an open redirection feature, potentially redirecting victim users to malicious websites...

4.7CVSS5.8AI score0.00215EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/14 8:26 a.m.4 views

CVE-2026-1843 Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2CVSS5.7AI score0.0019EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/14 12:0 a.m.9 views

PT-2026-8100

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2CVSS5.7AI score0.0019EPSS
Exploits0References3
ibm
ibm
added 2026/01/22 5:2 a.m.9 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files...

7.5CVSS6.5AI score0.03136EPSS
Exploits1Affected Software1
ibm
ibm
added 2026/01/22 5:1 a.m.7 views

Security Bulletin: Vulnerabilities inuptrace pgdriver affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability inuptrace pgdriver has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-44906 DESCRIPTION:...

6.5CVSS7.4AI score0.00334EPSS
Exploits1Affected Software1
Rows per page
Query Builder