Lucene search
+L

231554 matches found

cve
cve
added 2026/05/27 3:30 p.m.42 views

CVE-2022-41656

CVE-2022-41656 describes a Missing Authorization vulnerability in the WordPress plugin Account Manager for WooCommerce . Affected versions are up to 2.1.2 (per CVE notices) with a broken access control that allows exploiting incorrectly configured access levels. The core issue is missing authoriz...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References1
cve
cve
added 2026/05/08 12:0 a.m.60 views

CVE-2023-42343

OpenCMS before 10.5.1 is vulnerable to a Cross-Site Scripting (XSS) issue via the CMIS online endpoint cmis-online/type. The vulnerability is described across multiple connected sources (CVE-2023-42343, EUVD-2023-46796, NVD/NVDC, and nuclei templates) as an XSS flaw in the /opencms/cmisatom/cmis-...

6.1CVSS5.8AI score0.0059EPSS
Exploits0References1
cve
cve
added 2026/05/08 12:0 a.m.99 views

CVE-2023-42344

CVE-2023-42344 – OpenCms XXE vulnerability Affected software: Alkacon OpenCms prior to 10.5.1 (OpenCms versions reportedly 9.0.0 to 10.5.0 cited in some sources). Root cause: Unauthenticated XXE via a cmis-online/query endpoint in the Chemistry servlet, enabling access to sensitive information. I...

7.3CVSS5.8AI score0.02231EPSS
In wildExploits0References2
circl
circl
added 2026/03/27 3:0 a.m.6 views

CVE-2026-3109

creationtimestamp| type| source ---|---|--- 2026-03-27 03:00:09+00:00| seen| https://nvd.nist.gov/vuln/detail/CVE-2026-4274...

5.4CVSS5.7AI score0.00291EPSS
Exploits0References1
cve
cve
added 2026/03/02 7:2 p.m.54 views

CVE-2024-31328

CVE-2024-31328 is documented in Wear OS/Android Wear context. A logic error in the function broadcastIntentLockedTraced of BroadcastController.java may allow launching arbitrary activities from the background on the paired companion phone, resulting in local elevation of privilege without additio...

8.8CVSS6.2AI score0.00115EPSS
Exploits0References1Affected Software1
githubexploit
githubexploit
added 2026/01/26 3:23 a.m.187 views

Exploit for CVE-2023-1234

Poc Hunter A vulnerability/proof of concept PoC search tool...

4.3CVSS6.7AI score0.00707EPSS
Exploits7
ptsecurity
ptsecurity
added 2026/01/09 12:0 a.m.6 views

PT-2026-1869

Name of the Vulnerable Software and Affected Versions Intelbras CFTV IP NVD 9032 R Ftd version 2.800.00IB00C.0.T Description A security issue exists in Intelbras CFTV IP NVD 9032 R Ftd version 2.800.00IB00C.0.T that allows an unauthenticated attacker to bypass the multi-factor authentication MFA...

8.2CVSS6.8AI score0.00331EPSS
Exploits0References5
cve
cve
added 2026/01/05 1:33 p.m.33 views

CVE-2024-23511

CVE-2024-23511 describes a DOM-based XSS in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Affected product: The Plus Addons for Elementor Page Builder Lite (WordPress plugin) with versions up to and including 5.3.3. Root cause: improper input handling during web page generation leadin...

6.5CVSS7.8AI score0.00128EPSS
Exploits0References1
cve
cve
added 2026/01/05 1:32 p.m.44 views

CVE-2023-52212

CVE-2023-52212 describes a Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager, affecting versions up to 2.0.0. The connected sources identify WP Job Manager as the affected product, with the root cause being CSRF in the plugin’s handling of requests, enabling CSRF under ...

5.4CVSS8.7AI score0.00109EPSS
Exploits0References1
cve
cve
added 2026/01/05 1:29 p.m.59 views

CVE-2023-50897

CVE-2023-50897 concerns the WordPress plugin Media File Renamer (WordPress plugin “Media File Renamer”). The vulnerability is described as an Unrestricted Upload of File with Dangerous Type that enables an attacker to perform an arbitrary file rename, which can lead to a Remote Code Execution (RC...

9.1CVSS8.8AI score0.00282EPSS
Exploits0References1
cve
cve
added 2026/01/05 1:27 p.m.57 views

CVE-2023-49186

CVE-2023-49186 affects the WordPress plugin Machic Core (

7.1CVSS7.8AI score0.00143EPSS
Exploits0References1
cve
cve
added 2025/12/29 11:22 p.m.28 views

CVE-2023-41656

CVE-2023-41656 is a broken access control vulnerability in the WordPress plugin Better Elementor Addons up to version 1.3.7, allowing exploitation of incorrectly configured access control security levels. The issue is categorized as Missing Authorization with a CVSSv3.1 base score of 5.4 (Medium)...

5.4CVSS8.8AI score0.00166EPSS
Exploits0References1
cve
cve
added 2025/12/23 12:6 p.m.49 views

CVE-2024-24844

CVE-2024-24844 concerns WordPress PowerPack Pro for Elementor (plugin), where versions up to and including 2.10.6 are affected by a missing authorization issue that allows unauthenticated exploitation of misconfigured access control, enabling unauthorized changes to plugin settings. The root caus...

7.5CVSS8.9AI score0.00241EPSS
Exploits0References1
cve
cve
added 2025/12/23 12:2 p.m.33 views

CVE-2023-52210

CVE-2023-52210 concerns the WordPress plugin “Product Delivery Date for WooCommerce – Lite” (Tyche) with versions up to 2.7.0. Connected patchstack data indicates the root cause is broken access control that allows unauthenticated access, potentially impacting availability or operation. A fix is ...

5.3CVSS8.7AI score0.0025EPSS
Exploits0References1
cve
cve
added 2025/12/21 12:6 a.m.412 views

CVE-2023-47232

Affected software: WordPress plugin WP Affiliate Disclosure (wp-affiliate-disclosure). Vulnerability type & root cause: Broken access control exposing limited operations to subscribers due to CSRF-like issues in check_capability, as reported for versions up to 1.2.6. Impact: Unauthorized changes ...

4.3CVSS8.6AI score0.00198EPSS
Exploits0References1
openvas
openvas
added 2025/10/23 12:0 a.m.6 views

SUSE: Security Advisory (SUSE-SU-2025:3699-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.8AI score0.00308EPSS
Exploits0References4
cve
cve
added 2025/08/16 1:29 p.m.109 views

CVE-2023-3867

In CVE-2023-3867, the Linux kernel ksmbd SMB2 session setup function smb2_sess_setup could perform an out-of-bounds read when a compound SMB2 request contains a second payload, enabling an OOB read while processing the first payload. The issue is tied to not handling the case where smb2 session s...

7.1CVSS7AI score0.02838EPSS
Exploits0References4Affected Software1
cve
cve
added 2025/08/16 1:27 p.m.104 views

CVE-2023-3866

CVE-2023-3866 : In the Linux kernel ksmbd, the compound-request handling failed to validate session and tree identifiers if the first operation is not an SMB2 ECHO. This could allow a NULL dereference when a subsequent operation accesses work->sess or work->tcon, leading to a local impact. ...

5.5CVSS6.9AI score0.14332EPSS
Exploits0References4Affected Software1
cve
cve
added 2025/08/16 1:27 p.m.117 views

CVE-2023-3865

CVE-2023-3865 affects the ksmbd component of the Linux kernel (smb2_write). Root cause: ksmbd_smb2_check_message does not validate hdr->NextCommand; if NextCommand > Offset+Length of smb2 write, an oversized length allows an out-of-bounds read in smb2_write. Implication: out-of-bounds read ...

7.1CVSS6.9AI score0.00374EPSS
Exploits0References4Affected Software1
cve
cve
added 2025/08/16 1:25 p.m.61 views

CVE-2023-32249

CVE-2023-32249 affects the Linux kernel ksmbd component. The issue is mitigated by a patch that returns STATUS_NOT_SUPPORTED when the binding session is a guest on multichannel, effectively disallowing guest access for that path. The NVD metrics classify the impact as locally exploitable with low...

5.5CVSS6.6AI score0.00151EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder