Lucene search
K

6 matches found

EUVD
EUVD
added 2026/05/05 3:31 a.m.5 views

EUVD-2026-27180

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/05 2:26 a.m.6 views

CVE-2026-4409 Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References4
NVD
NVD
added 2022/12/22 8:15 p.m.17 views

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

6.5CVSS0.00412EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/09 8:15 p.m.7 views

CVE-2022-0715

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...

9.1CVSS8AI score0.05803EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/03/09 7:30 p.m.5 views

CVE-2022-0715

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...

7.5AI score0.05803EPSS
Exploits0References1
Amazon
Amazon
added 2017/10/03 12:0 a.m.76 views

Medium: openssh

Issue Overview: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. CVE-2016-6210 It was found that OpenSSH...

7.8CVSS8.3AI score0.88944EPSS
Exploits23
Rows per page
Query Builder