Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.4AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 2:16 p.m.12 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 1:7 p.m.9 views

EUVD-2026-33307

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 1:7 p.m.14 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an authorization vulnerability. This vulnerability stemmed from the absence of user login checks and administrator gatekeeping in the objects/mention.json.php file...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-38637

Name of the Vulnerable Software and Affected Versions Next.js affected versions not specified Description An authorization bypass exists in applications that use middleware to protect dynamic routes. Attackers can use specially crafted query parameters to alter the dynamic route value perceived b...

8.5CVSS5.8AI score0.00449EPSS
Exploits2References25
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

Joomla! CMS 访问控制错误漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. There is an access control vulnerability in the Joomla! CMS. This vulnerability arises from the fact that the ajax component in the administration area is excluded from the default login user checks, whi...

7.3CVSS5.8AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.5 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an inability to block simultaneous check and update failed login attempts. The following versions are affected: versions 10.1.x through...

4.8CVSS6.5AI score0.00247EPSS
Exploits0References1
OSV
OSV
added 2023/06/07 2:15 a.m.6 views

CVE-2021-4346

The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stmlistingprofileedit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog,...

7.5CVSS5.8AI score0.01239EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.8 views

CVE-2021-4346

The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stmlistingprofileedit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog,...

9.8CVSS6.8AI score0.01239EPSS
Exploits1References3
CNVD
CNVD
added 2021/10/12 12:0 a.m.15 views

Artica Integria IMS has an unspecified vulnerability

Artica Integria IMS is a web-based help desk software from the Spanish company Artica. The software features SLA tracking, workflow management, personalized reporting and email management.A security vulnerability exists in the Artica Integria IMS login checks, which could be exploited by an...

9.8CVSS2.8AI score0.01083EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/15 12:0 a.m.4 views

WordPress membership-simplified-for-oap-members-only plugin arbitrary file download vulnerability

WordPress membership-simplified-for-oap-members-only is a membership plugin developed for WordPress. An arbitrary file download vulnerability exists in the WordPress membership-simplified-for-oap-members-only version 1.58 plugin, which stems from the program failing to detect whether a user is...

9.8CVSS9.2AI score0.16927EPSS
Exploits7References1
Rows per page
Query Builder