Lucene search
+L

215 matches found

nessus
nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-57211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pa...

10CVSS6.1AI score0.00404EPSS
Exploits1References2
nvd
nvd
added last week5 views

CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

10CVSS0.00404EPSS
Exploits1References5
osv
osv
added last week2 views

UBUNTU-CVE-2026-57219

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References8
osv
osv
added last week3 views

UBUNTU-CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

10CVSS6.1AI score0.00404EPSS
Exploits1References7
cve
cve
added last week97 views

CVE-2026-57219

RabbitMQ suffers an unauthenticated disclosure vulnerability in the management API: the obsolete GET /api/auth endpoint can reveal the OAuth 2 client secret on installations configured with management.oauth_client_secret prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue arises when ...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References6Affected Software1
osv
osv
added last week4 views

CVE-2026-57219 RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/07/10 12:0 a.m.15 views

PT-2026-57296

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description On Windows, the RabbitMQ management plugin static file handler rabbit mgmt wm static can pass URL-encoded backslashes to the erl prim loader:read file info function...

10CVSS6.1AI score0.00404EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2026/07/10 12:0 a.m.21 views

PT-2026-57304

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description The management plugin exposes an obsolete GET '/api/auth' endpoint that can disclose the OAuth ...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References14
cvelist
cvelist
added 2026/06/17 12:47 p.m.22 views

CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:18 p.m.17 views

CVE-2026-42743

The CVE concerns WordPress Masteriyo LMS plugin versions ≤ 2.1.8 with an Unauthenticated Broken Authentication vulnerability. Impact is described as low confidentiality and integrity (CVSS v3.1: 6.5, MEDIUM). The issue is in Masteriyo-LMS prior to or at 2.1.8, enabling access without authenticati...

6.5CVSS5.2AI score0.00144EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/06 12:0 a.m.12 views

WordPress plugin MDJM Event Management 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.2CVSS5.9AI score0.00659EPSS
Exploits1References11
cve
cve
added 2026/06/03 9:4 a.m.22 views

CVE-2025-15656

CVE-2025-15656 is an Incorrect Privilege Assignment vulnerability affecting the WordPress School Management plugin (the CVE entry and related records list affected scope as WordPress School Management up to version 93.2.0). The underlying issue is privilege escalation via improper privilege assig...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/03 12:0 a.m.12 views

wordpress plugin School Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.5AI score0.00232EPSS
Exploits0References1
nvd
nvd
added 2026/05/25 10:16 p.m.13 views

CVE-2026-27398

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16...

5.3CVSS0.00231EPSS
Exploits0References1
cve
cve
added 2026/05/25 9:56 p.m.31 views

CVE-2026-27398

The CVE-2026-27398 entry describes a Missing Authorization vulnerability in the WordPress RSVP and Event Management plugin, affecting versions up to 2.7.16. The issue is classified as a Broken Access Control vulnerability with insecure access configuration allowing exploitation without user inter...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/25 12:0 a.m.10 views

WordPress plugin RSVP and Event Management 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in rabbitmq-server

RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization. This could potentially allow for JavaScript code to...

5.4CVSS6.1AI score0.01437EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in rabbitmq-server

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI through the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...

4.8CVSS6.3AI score0.01416EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in rabbitMQ-server

Pivotal RabbitMQ versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, as well as RabbitMQ for Pivotal Platform versions 1.16.x prior to 1.16.7 and 1.17.x prior to 1.17.4, contain a web management plugin that is vulnerable to a denial-of-service attack. The “X-Reason” HTTP header can be...

7.5CVSS5.5AI score0.04519EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/04/22 7:45 a.m.4 views

CVE-2026-2714

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References4
Rows per page
Query Builder