Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.5 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/02 1:26 p.m.4 views

CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/03 1:32 a.m.2 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

5.9AI score0.00472EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:8 p.m.4 views

CVE-2026-25019

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.3.1...

5.3AI score0.00171EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/30 6:44 p.m.8 views

WordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Atarim versions = 4.3.1...

5.3CVSS5.3AI score0.00171EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:29 p.m.6 views

CVE-2026-24596

Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.1...

4.7CVSS5.9AI score0.00133EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 2:29 p.m.30 views

CVE-2026-24596

CVE-2026-24596 is a CSRF vulnerability in the WordPress plugin Related Posts Thumbnails (versions up to 4.3.1). The issue allows Cross-Site Request Forgery, affecting the Related Posts Thumbnails Plugin for WordPress from an unspecified early version to 4.3.1. The CVE entry provides a CVSS v3.1 b...

4.3CVSS5.9AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 4:31 a.m.5 views

EUVD-2025-203497

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...

5.3CVSS4.8AI score0.00917EPSS
Exploits0References3
CVE
CVE
added 2025/12/15 3:30 p.m.18 views

CVE-2025-14387

The CVE-2025-14387 entry concerns the LearnPress – WordPress LMS Plugin (WordPress) with versions up to 4.3.1. The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping. It can be exploited by authenticated attackers with Subscriber-leve...

6.4CVSS4.7AI score0.0022EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/15 1:30 p.m.6 views

WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme ekommart versions 4.3.1...

9.8CVSS7AI score0.00385EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/04 9:18 p.m.4 views

CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates

Xibo is an open source digital signage platform with a web content management system CMS. Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...

7.2CVSS7.2AI score0.00884EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.8 views

PT-2025-5745

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue concerns a stored cross-site scripting XSS vulnerability in the iOS Dynamic Analyzer functionality of the Mobile Security Framework MobSF. According to Apple's...

8.5CVSS5.6AI score0.00373EPSS
Exploits1References17
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.4 views

Crestron AirMedia 安全漏洞

Crestron AirMedia is Crestron's unlimited sharing platform for laptops, PCs, smartphones or tablets. A security vulnerability exists in Crestron AirMedia Windows Application version 4.3.1.39. An attacker could exploit the vulnerability to temporarily store a file structure and change it during a...

8.8CVSS8AI score0.01049EPSS
Exploits0References3
OSV
OSV
added 2020/07/01 6:15 p.m.4 views

UBUNTU-CVE-2020-14196

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced...

5.3CVSS7.2AI score0.01688EPSS
Exploits0References4
CNVD
CNVD
added 2020/04/29 12:0 a.m.2 views

LCDS LAquis SCADA Input Validation Error Vulnerability

LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. An input validation error vulnerability exists in LCDS LAquis SCADA version...

7.8CVSS6.9AI score0.00809EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/16 12:0 a.m.4 views

Broadcom CA API Developer Portal Information Disclosure Vulnerability

Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. An information disclosure vulnerability exists in Broadcom CA API Developer Portal...

6.5CVSS6.2AI score0.01371EPSS
Exploits0References1
Rows per page
Query Builder