Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/02/19 6:49 a.m.26 views

CVE-2026-1994 s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00376EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/16 9:54 a.m.3 views

CVE-2026-0998

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25451

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00523EPSS
Exploits0References2
CVE
CVE
added 2025/08/21 12:0 a.m.22 views

CVE-2025-52395

CVE-2025-52395 affects Roadcute API v1. The vulnerability arises from an insecure password-reset endpoint that fails to validate the requester’s identity, enabling a remote attacker to execute arbitrary code. The issue is rated CVSS v3.1: 9.8 (CRITICAL) with network attack, no privileges required...

9.8CVSS8.3AI score0.00523EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.5 views

WordPress plugin WPBookit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.2AI score0.00634EPSS
Exploits0References4
OSV
OSV
added 2025/03/14 5:15 a.m.4 views

CVE-2024-11284

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the accountsettingssavecallback function. This mak...

9.8CVSS5.9AI score0.00496EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/25 12:0 a.m.4 views

JetBrains TeamCity 授权问题漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A security vulnerability exists in JetBrains TeamCity, which stems from the product's failure to validate user identities. An unauthenticated attacker could use the vulnerability to...

5.3CVSS5.6AI score0.00712EPSS
Exploits0References2
Rows per page
Query Builder