Lucene search
K

180 matches found

CVE
CVE
added 2025/11/08 9:28 a.m.14 views

CVE-2025-11980

CVE-2025-11980 affects the WordPress Quick Featured Images plugin prior to 13.7.4. The vulnerability is an SQL Injection in the delete_orphaned function due to insufficient escaping and unsafe SQL construction. Exploitation requires Editor+ privileges and user interaction (an author-level user mu...

4.9CVSS6.1AI score0.00275EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/08 9:28 a.m.3 views

CVE-2025-11980 Quick Featured Images <= 13.7.3 - Authenticated (Editor+) SQL Injection via delete_orphaned

The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'deleteorphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS6AI score0.00275EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/24 3:6 p.m.2 views

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to the improper removal of ClusterRoleBinding objects when a custom administrative global role or its binding is deleted. An attacker can retain unauthorized access to clusters by leveraging...

4.8CVSS6.9AI score0.00208EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/24 3:6 p.m.1 views

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to the improper removal of ClusterRoleBinding objects when a custom administrative global role or its binding is deleted. An attacker can retain unauthorized access to clusters by leveraging...

4.8CVSS6.9AI score0.00208EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/24 3:6 p.m.10 views

Rancher user retains access to clusters despite Global Role removal

Impact A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that: - Have a on in rule for resources - Hav...

4.3CVSS6.7AI score0.00208EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.8 views

PT-2025-43690

Name of the Vulnerable Software and Affected Versions Rancher versions prior to 2.12.3 Rancher versions prior to 2.11.7 Description A flaw exists in Rancher Manager where removing a custom GlobalRole granting administrative access, or its corresponding binding, does not revoke the user's access t...

4.3CVSS6.2AI score0.00208EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-2319

Malware in sbrugna...

4.3CVSS6.4AI score0.00994EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-4359

Malware in sbrugna...

2.1CVSS6.4AI score0.00946EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-7908

Malware in sbrugna...

6.5CVSS6.8AI score0.01157EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22514

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00301EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-42310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned...

5.5CVSS6.1AI score0.00264EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/26 12:29 a.m.11 views

CVE-2025-45731

A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...

6.5CVSS6.6AI score0.00301EPSS
Exploits1References1
NVD
NVD
added 2025/07/24 2:15 p.m.5 views

CVE-2025-45731

A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...

6.5CVSS0.00301EPSS
Exploits1References2
OSV
OSV
added 2025/07/24 2:15 p.m.6 views

CVE-2025-45731

A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...

6.5CVSS7.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/24 12:0 a.m.4 views

CVE-2025-45731

A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...

7.1AI score0.00301EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2025/07/24 12:0 a.m.4 views

CVE-2025-45731

A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...

6.5CVSS5.3AI score0.00301EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/07/24 12:0 a.m.9 views

CVE-2025-45731

A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...

0.00301EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/24 12:0 a.m.5 views

2FAuth 安全漏洞

2FAuth is a web application from Bubka Personal Developers for managing two-factor authentication 2FA accounts and generating their security codes. A security vulnerability exists in 2FAuth version v5.5.0 that stems from a group deletion contention condition that could lead to data inconsistencie...

6.5CVSS6.8AI score0.00301EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.6 views

PT-2025-30666 · 2Fauth · 2Fauth

Name of the Vulnerable Software and Affected Versions: 2FAuth version 5.5.0 Description: A group deletion race condition can lead to data inconsistencies and orphaned accounts when a group is deleted while other operations are in progress. Recommendations: At the moment, there is no information...

6.5CVSS6.1AI score0.00301EPSS
Exploits1References5
CVE
CVE
added 2025/07/24 12:0 a.m.19 views

CVE-2025-45731

CVE-2025-45731 relates to a group deletion race condition in the 2FAuth v5.5.0 application. The issue arises when a group is deleted while other operations are pending, leading to data inconsistencies and orphaned accounts. The connected documents confirm the affected product and the underlying c...

6.5CVSS6.6AI score0.00301EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder