Lucene search
K

10 matches found

NVD
NVD
added 2026/04/15 8:16 p.m.6 views

CVE-2026-33877

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS0.00365EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/15 2:19 a.m.8 views

CVE-2026-2233

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/03/15 2:19 a.m.10 views

CVE-2026-2233

The CVE CVE-2026-2233 affects the WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (wp-user-frontend). Multiple sources confirm a missing capability check in the draft_post() function that allows unauthenticated attackers to modi...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 7:23 p.m.26 views

CVE-2026-1565 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUFAdminSettings::checkfiletypeandext' function and in the...

8.8CVSS0.00545EPSS
Exploits0References6
OSV
OSV
added 2024/10/10 2:15 a.m.5 views

CVE-2024-9205

The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.9AI score0.00349EPSS
Exploits0References3
OSV
OSV
added 2017/04/18 2:6 p.m.7 views

SUSE-SU-2017:1047-1 Security update for ntp

This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050: - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...

8.8CVSS6.8AI score0.06515EPSS
Exploits2References10
OSV
OSV
added 2017/01/13 12:0 a.m.2 views

UBUNTU-CVE-2016-7427

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service reject broadcast mode packets via a crafted broadcast mode packet...

4.3CVSS7AI score0.03939EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2016/04/28 12:0 a.m.5 views

PT-2016-4857 · Ntp +8 · Ntp +10

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8p4 NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Description: An issue exists in the message authentication functionality of libntp, allowing an attacker to send crafted messages in an attempt to recover the messag...

9.8CVSS6.5AI score0.97549EPSS
Exploits59References218
CNVD
CNVD
added 2015/10/08 12:0 a.m.1 views

NTP ntpd Input Validation Vulnerability

ntpd Network Time Protocol daemon is an operating system daemon that uses the Network Time Protocol NTP to keep synchronized with the system time of a time server. A security vulnerability exists in the ntpcrypto.c file in ntpd in NTP 4.2.8 and earlier versions. A remote attacker could exploit th...

5.8CVSS7.5AI score0.06135EPSS
Exploits0References1
Rows per page
Query Builder