
8 matches found

ATTACKERKB
added 4 days ago, 4 views

CVE-2026-49077

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

5.3 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits 0, References 2
Cvelist
added 2026/05/15 8:29 p.m., 32 views

CVE-2026-45385 Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

4.3 CVSS, 0.00036 EPSS
Exploits 1, References 1
CVE
added 2026/03/27 10:26 p.m., 15 views

CVE-2026-4248

The CVE-2026-4248 entry concerns the Ultimate Member WordPress plugin with a vulnerability in versions up to 2.11.2. The issue arises because the '{usermeta:password_reset_link}' template tag is processed inside post content via the [um_loggedin] shortcode, generating a valid password reset token...

8 CVSS, 5.9 AI score, 0.00047 EPSS
Exploits 0, References 4
CNNVD
added 2025/07/08 12:0 a.m., 1 views

Code-Projects Chat System injection vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetchmember.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

8.8 CVSS, 7.1 AI score, 0.00197 EPSS
Exploits 1, References 6
CVE
added 2025/03/27 2:11 p.m., 43 views

CVE-2025-22672

CVE-2025-22672 is a Server-Side Request Forgery (SSRF) vulnerability affecting WordPress plugin “Video & Photo Gallery for Ultimate Member” (versions up to and including 1.1.2). The issue, confirmed in multiple sources, is due to SSRF in the plugin and is listed as affecting versions from n/a thr...

4.9 CVSS, 7.2 AI score, 0.00194 EPSS
Exploits 0, References 1
NVD
added 2025/02/05 10:15 a.m., 15 views

CVE-2024-1539

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API...

5.3 CVSS, 0.00043 EPSS
Exploits 0, References 2
Prion
added 2023/07/31 4:15 p.m., 11 views

Open redirect

Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java...

5.8 CVSS, 6.3 AI score, 0.00245 EPSS
Exploits 1, References 2, Affected Software 1
The Hacker News
added 2023/07/01 7:25 a.m., 7 views

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version 2.6.6 tha...

9.8 CVSS, 7 AI score, 0.9297 EPSS
Exploits 12