Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/12 11:51 a.m.8 views

EUVD-2026-36412

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS5.2AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:57 p.m.4 views

CVE-2026-32816

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...

5.7CVSS5.8AI score0.0013EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/19 10:57 p.m.9 views

CVE-2026-32816

CVE-2026-32816 affects Admidio 5.0.0–5.0.6 where delete, activate, and deactivate for groups_roles.php do not validate CSRF tokens. The client sends a CSRF token via adm_csrf_token, but server handlers ignore it for these modes, enabling a forged request to permanently delete roles and cascade re...

5.7CVSS5.8AI score0.0013EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/09 1:48 a.m.3 views

CVE-2025-11166 WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...

5.4CVSS5.5AI score0.00179EPSS
Exploits0References6
Rows per page
Query Builder