Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.7 views

CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.35 views

CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS0.00314EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/20 12:12 a.m.11 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS6.8AI score0.0028EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/19 3:31 p.m.6 views

EUVD-2025-204539

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS6.2AI score0.0028EPSS
Exploits1References4
NVD
NVD
added 2025/12/19 3:15 p.m.4 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS0.0028EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.5 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.4AI score0.0028EPSS
Exploits1References3
OSV
OSV
added 2025/12/19 12:0 a.m.7 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS6.6AI score0.0028EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.4 views

PT-2025-52448

Name of the Vulnerable Software and Affected Versions Turms IM Server versions prior to 0.10.0-SNAPSHOT Description The software contains a flaw in access control related to querying user online status. An authenticated user can access online status, device information, and login timestamps of an...

6.5CVSS6.4AI score0.0028EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.6 views

Hitachi Energy NSD570 安全漏洞

The Hitachi Energy NSD570 is a remote protection device from Hitachi, Ltd Hitachi, Japan. It is designed to provide simple commissioning, operation and monitoring of remote protection links. A security vulnerability exists in the Hitachi Energy NSD570 that originates from allowing any authenticat...

4.3CVSS6.5AI score0.00343EPSS
Exploits0References1
Rows per page
Query Builder