Lucene search
+L

23 matches found

Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-44174 Kirby: Arbitrary Method Call via REST API search and collection query endpoints

Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes that were used in its collection queries, allowing attackers to include arbitrary model methods in their queries. This includes methods with sensitive data such as password...

8.7CVSS0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-28609

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.00387EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-31206

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00265EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/15 5:19 a.m.6 views

Improper Access Control

unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...

8.1CVSS6.8AI score0.00387EPSS
Exploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/24 4:6 p.m.8 views

CVE-2025-55741

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

8.1CVSS6.2AI score0.00387EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/08/22 4:49 p.m.12 views

UnoPim has Broken Access Control

Summary In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint expected behavior, but can still delete products via the mass-delete endpoint, even when the request...

8.1CVSS6.5AI score0.00387EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/08/22 4:49 p.m.7 views

GHSA-8P2F-FX4Q-75CX UnoPim has Broken Access Control

Summary In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint expected behavior, but can still delete products via the mass-delete endpoint, even when the request...

8.1CVSS7.1AI score0.00387EPSS
Exploits1References7
CVE
CVE
added 2025/08/22 4:4 p.m.31 views

CVE-2025-55741

UnoPim is a Laravel-based open-source PIM. In versions

8.1CVSS6.4AI score0.00387EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/08/22 4:4 p.m.12 views

CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

8.1CVSS0.00387EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/22 4:4 p.m.3 views

CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

8.1CVSS6.4AI score0.00387EPSS
Exploits1References3
OSV
OSV
added 2025/08/22 4:4 p.m.7 views

CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

8.1CVSS6.5AI score0.00387EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.13 views

PT-2025-34443 · Unopim +1 · Unopim +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions 0.3.0 and earlier Description: UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Users lacking the necessary Delete privilege for products can bypass access controls by submitti...

8.1CVSS6.5AI score0.00387EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.9 views

CVE-2023-27430

Cross-Site Request Forgery CSRF vulnerability in Ramon Fincken Mass Delete Unused Tags plugin = 2.0.0 versions...

8.8CVSS7.1AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2023/05/18 11:15 a.m.20 views

CVE-2023-27430

Cross-Site Request Forgery CSRF vulnerability in Ramon Fincken Mass Delete Unused Tags plugin = 2.0.0 versions...

8.8CVSS6.5AI score0.00265EPSS
Exploits0References1
Prion
Prion
added 2023/05/18 11:15 a.m.19 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Ramon Fincken Mass Delete Unused Tags plugin = 2.0.0 versions...

6.8CVSS8.7AI score0.00265EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/18 10:38 a.m.46 views

CVE-2023-27430

CVE-2023-27430 affects WordPress Mass Delete Unused Tags plugin (

8.8CVSS7.1AI score0.00265EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/18 10:38 a.m.31 views

CVE-2023-27430 WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Ramon Fincken Mass Delete Unused Tags plugin = 2.0.0 versions...

5.4CVSS9AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.4 views

WordPress plugin Mass Delete Unused Tags 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

8.8CVSS8.1AI score0.00265EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.6 views

WordPress Mass Delete Taxonomies Plugin <= 3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Mass Delete Taxonomies Type Plugin Vulnerable versions = 3.0.0 Fixed in 4.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 69e07302ea8d Credits WordFence Required...

7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.12 views

WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Mass Delete Unused Tags Type Plugin Vulnerable versions = 2.0.0 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27430 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6d6176635537 Credits Mika Requir...

8.8CVSS6.6AI score0.00265EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder