Lucene search
+L

184 matches found

nvd
nvd
added 2026/01/07 9:15 p.m.9 views

CVE-2025-69221

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

4.3CVSS0.00235EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/01/01 1:34 p.m.4 views

CVE-2025-62096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through = 4.4....

6.5CVSS5.9AI score0.0013EPSS
Exploits0References1
nvd
nvd
added 2025/12/31 2:15 p.m.11 views

CVE-2025-62096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through = 4.4....

6.5CVSS0.0013EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/31 1:12 p.m.29 views

CVE-2025-62096 WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through = 4.4....

6.5CVSS0.0013EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/12/31 12:0 a.m.6 views

WordPress plugin Maximum Products per User for WooCommerce 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

6.5CVSS5.7AI score0.0013EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2025/11/25 12:0 a.m.5 views

Securing the Model Context Protocol (MCP): Risks, Controls, and Governance

The Model Context Protocol MCP replaces static, developer-controlled API integrations with more dynamic, user-driven agent systems, which also introduces new security risks. As MCP adoption grows across community servers and major platforms, organizations encounter threats that existing AI...

7.3AI score
Exploits0
redhatcve
redhatcve
added 2025/11/19 9:10 a.m.19 views

CVE-2025-11620

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...

7.2CVSS5.1AI score0.00322EPSS
Exploits0References1
euvd
euvd
added 2025/11/18 8:27 a.m.6 views

EUVD-2025-197949

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...

7.2CVSS4.7AI score0.00322EPSS
Exploits0References4
patchstack
patchstack
added 2025/11/17 10:58 p.m.7 views

WordPress Multiple Roles per User plugin <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Custom+ Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Multiple Roles per User versions = 1.0...

7.2CVSS7AI score0.00322EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9459

Malicious code in bioql PyPI...

7.1CVSS7.7AI score0.00363EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7972

Malicious code in bioql PyPI...

5.9CVSS9AI score0.00347EPSS
Exploits0References2
cve
cve
added 2025/10/02 4:13 p.m.18 views

CVE-2025-34208

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS) uses unsalted SHA-512 and, fallback unsalted SHA-1, for password hashing via PHP hash() in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest...

8.2CVSS7AI score0.00411EPSS
Exploits1References4Affected Software2
nessus
nessus
added 2025/08/21 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2022-24778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by...

7.5CVSS6.8AI score0.02676EPSS
Exploits1References2
nessus
nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-35490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS7.1AI score0.07694EPSS
Exploits1References2
packetstormnews
packetstormnews
added 2025/08/03 12:0 a.m.6 views

Hard-Earned Lessons in Access Control at Scale: Enforcing Identity and Policy across Trust Boundaries with Reverse Proxies and MTLS

In today's enterprise environment, traditional access methods such as Virtual Private Networks VPNs and application-specific Single Sign-On SSO often fall short when it comes to securely scaling access for a distributed and dynamic workforce. This paper presents our experience implementing a...

6.8AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 5:23 a.m.7 views

CVE-2023-52181

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1...

10CVSS8.6AI score0.00646EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:3 a.m.4 views

CVE-2023-20245

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured access control list ACL and allow traffic that should be denied to flo...

5.8CVSS6.9AI score0.00485EPSS
Exploits0References1
openvas
openvas
added 2025/05/07 12:0 a.m.16 views

Ensure That the Number of Files That Can Be Opened by Users Is Correctly Configured

The number of files that can be opened in Linux is limited. Once the limit is reached by a user, other users can no longer open files. By default, openEuler limits the maximum number of file handles that can be opened by each user to 1024. If the value exceeds 1024, new file handles cannot be...

6.9AI score
Exploits0References3
redhatcve
redhatcve
added 2025/04/03 9:39 p.m.7 views

CVE-2025-31455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit Max IPs Per User: from n/a through = 1.5...

7.1CVSS7.2AI score0.00363EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/04/01 8:58 p.m.5 views

CVE-2025-31455 WordPress Limit Max IPs Per User plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Limit Max IPs Per User allows DOM-Based XSS. This issue affects Limit Max IPs Per User: from n/a through 1.5...

7.1CVSS7.2AI score0.00363EPSS
Exploits0References1
Rows per page
Query Builder