Lucene search
K

3369 matches found

CVE
CVE
added yesterday9 views

CVE-2026-6541

CVE-2026-6541 affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x

4.3CVSS6.1AI score
Exploits0References1Affected Software1
Nuclei
Nuclei
added yesterday14 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

10CVSS7AI score0.08975EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday7 views

WordPress WPCOM Member <= 1.7.6 - SQL Injection

WPCOM Member plugin for WordPress up to 1.7.6 contains a time-based SQL Injection caused by insufficient escaping and lack of preparation on the 'userphone' parameter, letting unauthenticated attackers extract sensitive information, exploit requires sending crafted 'userphone' parameter. id:...

7.5CVSS7AI score0.01708EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday74 views

Member Hero <=1.0.9 - Remote Code Execution

WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware,...

9.8CVSS7.3AI score0.09105EPSS
Exploits2References4
NVD
NVD
added 3 days ago6 views

CVE-2026-61442

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS0.00256EPSS
Exploits0References3
CVE
CVE
added 3 days ago17 views

CVE-2026-61442

PraisonAI Platform before 0.1.9 has an authorization bypass on PATCH routes for projects, issues, and agents, where workspace-members can modify owner-created records. Specifically, a member can reassign lead_id to their own user id and then delete the owner-created project, bypassing the delete ...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago12 views

EUVD-2026-43180

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-61441 PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS0.00239EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42901

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS6.1AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-61441

PraisonAI Platform before version 0.1.9 suffers an authorization bypass in the DELETE dependency endpoint: the route validates permissions against the caller-selected URL issue but allows deletion via a member-owned issue endpoint if the dependency edge is related to a member, bypassing owner/adm...

7.1CVSS6.1AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS0.00393EPSS
Exploits0References5
CVE
CVE
added 4 days ago8 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to 2.10.1 due to insufficient escaping and lack of proper SQL query preparation. This a...

7.5CVSS6AI score0.00393EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42799

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS6AI score0.00393EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS6AI score0.00393EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15290 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.10.1 - Unauthenticated Blind SQL Injection

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS0.00393EPSS
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2026-14245

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS0.00586EPSS
Exploits0References10
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42543

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS6AI score0.00586EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-14245 miniOrange OTP Login, Verification and SMS Notifications <= 5.5.1 - Authentication Bypass to Administrator Account Takeover via 'username_b' Parameter

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS0.00586EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-14245

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS6AI score0.00586EPSS
Exploits0References11
Nuclei
Nuclei
added last week112 views

WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...

9.8CVSS7.4AI score0.89431EPSS
Exploits8References5
Rows per page
Query Builder