
8 matches found

CNNVD
added 2026/06/06 12:0 a.m. | 8 views

WordPress plugin Booking Package Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS 7.2 | AI score 5.5 | EPSS 0.00345
Exploits: 0 | References: 6

ATTACKERKB
added 2026/05/06 7:49 p.m. | 6 views

CVE-2026-44118

OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...

CVSS 8.5 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 4

EUVD
added 2026/03/25 9:57 p.m. | 5 views

EUVD-2026-15952

n8n Has Authorization Bypass in OAuth Callback via N8NSKIPAUTHONOAUTHCALLBACK...

CVSS 6.3 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 2

OSV
added 2024/02/13 10:25 p.m. | 38 views

GHSA-3HV4-R2FM-H27F Email Validation Bypass And Preventing Sign Up From Email's Owner

Summary: Email validation can easily be bypassed because the verifyemailenabled option enables email validation at sign up only. A user changing its email after signing up and verifying it can change it without verification in /profile. This can be used to prevent legitimate owner of the email address...

CVSS 5.4 | AI score 6 | EPSS 0.01385
Exploits: 1 | References: 5

OSV
added 2023/10/30 6:15 p.m. | 2 views

CVE-2023-21389

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.001
Exploits: 0 | References: 1

Prion
added 2023/10/30 6:15 p.m. | 23 views

Design/Logic Flaw

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 4.3 | AI score 8.2 | EPSS 0.001
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/12/16 4:15 p.m. | 2 views

CVE-2022-20544

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product...

CVSS 4.4 | AI score 5.9 | EPSS 0.0011
Exploits: 0 | References: 1

Code423n4
added 2022/01/23 12:0 a.m. | 7 views

isActive doesn't prevent owner from sweeping token from AaveV2Strategy, SDM and SPM

Handle: wuwe1. Vulnerability details. Proof of Concept: isActive appears in these places: owner can bypass isActive check by setting a different address in sherlockCore. Recommended Mitigation Steps: Add Timelock on setting sherlockCore.

AI score 7
Exploits: 0