10 matches found

Cvelist
added 2026/05/14 8:24 a.m. | 55 views

CVE-2026-6512 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

CVSS 9.1 | EPSS 0.00264
Exploits: 0 | References: 2

Packet Storm
added 2026/05/06 12:0 a.m. | 70 views

Hibernate ORM 5.6.15 SQL Injection

Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection ★ CVE-2026-0603 Hibernate SQL Injection PoC ★ https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...

CVSS 8.3 | AI score 5.9 | EPSS 0.00782
Exploits: 1

CVE
added 2026/04/21 10:16 p.m. | 16 views

CVE-2026-40929

WWBN AVideo 29.0 and earlier: the endpoint objects/commentDelete.json.php mutates state to delete comments without CSRF validation, lacking forbidIfIsUntrustedRequest(), CSRF/global token, or Origin/Referer checks. Because session.cookie_samesite=None, cross-site requests from attacker pages carr...

CVSS 5.4 | AI score 5.6 | EPSS 0.00113
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/03/10 9:39 p.m. | 3 views

EUVD-2026-10926

Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL (e.g., 30 seconds), the TTL index is...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/10 9:39 p.m. | 2 views

CVE-2026-31827

Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL (e.g., 30 seconds), the TTL index is...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/10/09 1:48 a.m. | 21 views

CVE-2025-11166

WP Go Maps (formerly WP Google Maps) for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) across all versions up to 9.0.46. The root cause is an AJAX bridge that exposes state-changing REST actions without proper CSRF token validation and GET-accessible destructive logic lacking a per...

CVSS 5.4 | AI score 5.5 | EPSS 0.00181
Exploits: 0 | References: 6

Cvelist
added 2025/10/09 1:48 a.m. | 10 views

CVE-2025-11166 WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...

CVSS 5.4 | EPSS 0.00181
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/09 12:0 a.m. | 5 views

PT-2025-41330

Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions prior to 9.0.46. Description: The WP Go Maps plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). The plugin exposes state-changing REST actions through an AJAX bridge without appropria...

CVSS 5.4 | AI score 6.4 | EPSS 0.00181
Exploits: 0 | References: 9

NVD
added 2025/08/22 4:15 p.m. | 6 views

CVE-2025-55741

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

CVSS 8.1 | EPSS 0.00387
Exploits: 1 | References: 3

WPVulnDB
added 2023/11/23 12:0 a.m. | 14 views

Thumbnail carousel slider < 1.0.1 - Cross-Site Request Forgery to Mass Slider Deletion

Description: The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request...

CVSS 6.5 | AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1