Lucene search
K

4617 matches found

Nuclei
Nuclei
added 5 hours ago7 views

WordPress 1 Click Migration Plugin < 2.3 - Information Exposure

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.9CVSS6.7AI score0.01575EPSS
Exploits0References2
Nuclei
Nuclei
added 5 hours ago20 views

WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...

9.8CVSS7.5AI score0.32714EPSS
Exploits13References4
Nuclei
Nuclei
added 5 hours ago16 views

WordPress Backup Migration <= 1.3.6 - Path Traversal

WordPress Backup Migration plugin versions up to 1.3.6 contain a path traversal and file validation issue in handledownloading function, letting unauthenticated attackers download backup files containing sensitive information. id: CVE-2023-6266 info: name: WordPress Backup Migration = 1.3.6 - Pat...

7.5CVSS7AI score0.02072EPSS
Exploits0References4
Nuclei
Nuclei
added 5 hours ago59 views

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

5.3CVSS6.1AI score0.01175EPSS
Exploits0References2
Nuclei
Nuclei
added 5 hours ago99 views

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

4.7CVSS6.1AI score0.01204EPSS
Exploits3References5
OSV
OSV
added last week4 views

PYSEC-2026-1452 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs

Summary Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...

7CVSS6AI score0.00229EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.5 views

PT-2026-56297

Name of the Vulnerable Software and Affected Versions better-auth versions prior to 1.6.11 Description The legacy oidcProvider and mcp plugins expose an OAuth 2.0 token endpoint that fails to authenticate confidential clients during the refresh token grant. The system authenticates requests based...

9.1CVSS5.9AI score0.00013EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 8:3 a.m.14 views

CVE-2026-46590

CVE-2026-46590 (Apache Camel-PQC) describes a deserialization of untrusted data issue in the camel-pqc component. Hashicorp Vault and AWS Secrets Manager key lifecycle managers deserialize a Base64-wrapped value via java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allo...

8.8CVSS6.4AI score0.00485EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook and migration allow-list filtering process. An attacker can access internal network resources or sensitive endpoints by crafting requests that bypass the intended filtering. Remediation...

9.6CVSS7.2AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the LFS mirror synchronization process. An attacker can bypass configured HTTP transport restrictions by initiating LFS push or sync mirror operations, allowing unauthorized network requests to be made outside o...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.7 views

CVE-2026-58418

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS0.00243EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

9.8CVSS0.00482EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.11 views

CVE-2026-22874

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...

9.6CVSS0.00464EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.6 views

CVE-2026-58418

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.37 views

CVE-2026-58418 SSRF via HTTP Redirect in Repository Migration

SSRF via HTTP Redirect in Repository Migration...

6.5CVSS0.00243EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:54 p.m.23 views

CVE-2026-58418

The CVE-2026-58418 entry describes an SSRF via HTTP Redirect vulnerability in the Repository Migration feature. The description and connected documents indicate this affects the repository migration flow, enabling an SSRF condition through HTTP redirects. Public details in the connected sources a...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41630

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

5.9AI score0.00482EPSS
Exploits0References4
Rows per page
Query Builder