Lucene search
+L

626 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/07 4:27 a.m.10 views

CVE-2026-7252

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/07 4:27 a.m.8 views

CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References9
CVE
CVE
added 2026/05/07 4:27 a.m.23 views

CVE-2026-7252

CVE-2026-7252 concerns the WP-Optimize plugin for WordPress (versions up to 4.5.2). A vulnerability in the unscheduled_original_file_deletion function allows an authenticated attacker with author-level access to delete arbitrary files on the server (e.g., wp-config.php) due to insufficient file p...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/07 4:27 a.m.55 views

CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS0.0095EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.20 views

PT-2026-38342

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled original file deletion function in all versions up to, and including, 4.5.2...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.35 views

CVE-2026-43272 ring-buffer: Fix possible dereference of uninitialized pointer

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer headpage in rbmetavalidateevents which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure...

0.00115EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 7:16 p.m.7 views

GHSA-9857-6MW7-FQ2M gix-transport: HTTP credentials leaked to redirected host in curl backend

Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...

6.8CVSS5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.24 views

SUSE CVE-2026-31717

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

8.8CVSS5.8AI score0.00437EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/25 1:38 a.m.11 views

SUSE CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

6.5CVSS5.7AI score0.00311EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.140 views

Linux Distros Unpatched Vulnerability : CVE-2026-31607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites...

9.8CVSS4.9AI score0.00311EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 9:31 p.m.10 views

EUVD-2026-22844

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...

8.8CVSS5.8AI score0.00399EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/22 9:9 p.m.11 views

Malicious code in pypdf-fork (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3a651b0cc8ca7cc4fcae91ff3160af205a97d0aacacd8e88d76c04ce013bd02 During importing the module, package sends a beacon notification to the owner. The package has no other differences from the original legitimate "pypdf". ---...

5.8AI score
Exploits0References1
Metasploit
Metasploit
added 2026/04/15 7:2 p.m.409 views

Powershell Profile Persistence

This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean removal by...

5.9AI score
Exploits0
NVD
NVD
added 2026/04/15 9:16 a.m.5 views

CVE-2026-5617

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...

8.8CVSS0.00399EPSS
Exploits0References5
CVE
CVE
added 2026/04/15 7:45 a.m.20 views

CVE-2026-5617

CVE-2026-5617 affects the WordPress plugin Login as User (all versions up to 1.0.3). The handle_return_to_admin() function trusts a client-controlled cookie (oclaup_original_admin) to select the target user for “Return to Admin,” without server-side verification of the cookie’s legitimacy. This e...

8.8CVSS5.8AI score0.00399EPSS
Exploits0References5
CVE
CVE
added 2026/04/13 6:11 p.m.19 views

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability (CVE-2026-40043) in the runSwitchUser() action. An authenticated, low-privilege attacker can manipulate the client-controlled original_username cookie and request a switch to user ID 1, potentially obtaining session tokens or administra...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/13 6:11 p.m.20 views

CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS0.00304EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.9 views

PT-2026-32497

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the original username cookie. Attackers can set the client-controlled original username cookie to any value and request a...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References6
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.65 views

Pachno 1.0.6 (runSwitchUser()) Remote Vertical Privilege Escalation

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

7.1CVSS5.9AI score0.00304EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/10 1:17 p.m.28 views

CVE-2026-33092

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM macOS before build 42571, Acronis True Image macOS before build 42902...

7.8CVSS0.00181EPSS
Exploits0References1
Rows per page
Query Builder