
21 matches found

CVE
added 2026/06/24 9:8 p.m., 12 views

CVE-2026-55762

Rocket.Chat CVE-2026-55762 concerns an unauthenticated mis-authorization on POST /api/v1/fingerprint. Prior to fixed versions, authenticated users could call the endpoint with {"setDeploymentAs": "new-workspace"} to permanently deregister the workspace from Rocket.Chat Cloud, wiping cloud credent...

8.1 CVSS, 5.9 AI score, 0.00323 EPSS
Exploits 0, References 1
EUVD
added 2026/06/03 7:56 p.m., 13 views

EUVD-2026-34176

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8 CVSS, 5.9 AI score, 0.00259 EPSS
Exploits 0, References 2
NVD
added 2025/08/23 5:15 a.m., 5 views

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

4.3 CVSS, 0.00124 EPSS
Exploits 0, References 2
CNNVD
added 2025/08/23 12:0 a.m., 3 views

WordPress plugin Restore Permanently delete Post or Page Data cross-site request forgery vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Restore...

4.3 CVSS, 6.2 AI score, 0.00124 EPSS
Exploits 0, References 4
Patchstack
added 2025/08/22 10:15 p.m., 5 views

WordPress Restore Permanently delete Post or Page Data plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Restore Permanently delete Post or Page Data versions <= 1.0...

4.3 CVSS, 6.5 AI score, 0.00124 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/07/10 7:1 a.m., 19 views

CVE-2024-36452

Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be...

6.8 AI score, 0.00176 EPSS
Exploits 0, References 2
RedHat Linux
added 2023/12/19 9:58 a.m., 3 views

OpenSC: Potential PIN bypass when card tracks its own login state

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

6.6 CVSS, 5.8 AI score, 0.00925 EPSS
Exploits 0, References 7
Prion
added 2023/12/13 2:15 p.m., 13 views

Improper access control

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...

5.5 CVSS, 7.1 AI score, 0.00421 EPSS
Exploits 1, References 2, Affected Software 1
SUSE CVE
added 2023/09/28 1:44 a.m., 3 views

SUSE CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

7.3 CVSS, 6.7 AI score, 0.00925 EPSS
Exploits 0, References 5
Code423n4
added 2023/07/14 12:0 a.m., 6 views

All Ether sent to LSP0ERC725Account will be permanently locked

Lines of code Vulnerability details Impact All Ether sent to LSP0ERC725Account will be permanently locked because it inherits the receive function from the LSP0ERC725AccountCore contract but does not have a withdraw function. Proof of Concept All Ether sent to LSP0ERC725Account will be permanentl...

6.8 AI score
Exploits 0
Huntr
added 2022/09/18 11:50 a.m., 29 views

User's session persist after permanently deleting his account

Description If a user is logged in, and an admin decided to delete his account permanently, the user is still able to perform his normal actions until his session gets expired. If a logged in user with admin role is deleted permanently, he's still able to delete other admins permanently, and if...

6.5 CVSS, 1.5 AI score, 0.00385 EPSS
Exploits 0
Code423n4
added 2022/07/14 12:0 a.m., 16 views

Mismatch in withdraw() between Yearn and other protocols can prevent Users from redeeming zcTokens and permanently lock funds

Lines of code Vulnerability details Impact As defined in the docs for Euler, ERC4626, Compound and Aave, when withdrawing and depositing funds the amount specified corresponds exactly to how many of the underlying assets are deposited or withdrawn. However, as specified by Yearn, the yearn...

6.8 AI score
Exploits 0
Prion
added 2021/11/05 9:15 p.m., 16 views

Design/Logic Flaw

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...

6.4 CVSS, 9.1 AI score, 0.0393 EPSS
Exploits 1, References 1, Affected Software 1
wpexploit
added 2021/08/09 12:0 a.m., 1101 views

Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)

Description The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues Edit WPScanTeam: - The original report mentioned the issue...

6.1 CVSS, 6.3 AI score, 0.01785 EPSS
Exploits 2
UbuntuCve
added 2019/11/26 12:15 a.m., 46 views

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

4.3 CVSS, 6.6 AI score, 0.01191 EPSS
Exploits 1, References 2
HackRead
added 2018/04/07 7:12 p.m., 20 views

How to Delete Your Facebook Account Permanently – 2018 Guide

By Waqas If you are looking for how to delete your Facebook This is a post from HackRead.com Read the original post: How to Delete Your Facebook Account Permanently - 2018 Guide...

2 AI score
Exploits 0
HackRead
added 2017/10/14 2:43 p.m., 72 views

New Android Ransomware Permanently Changes PIN, Demands Ransom

By Waqas DoubleLocker Android Ransomware Encrypts Data and Changes PIN to Permanently This is a post from HackRead.com Read the original post: New Android Ransomware Permanently Changes PIN, Demands Ransom...

6.9 AI score
Exploits 0
myhack58
added 2011/10/17 12:0 a.m., 27 views

DEDECMS full version gotopage variable XSS ROOTKITS, 0DAY-vulnerability warning-the black bar safety net

Affected versions: DEDECMS full version The vulnerability described in: DEDECMS background landing template gotopage variable is not tested incoming data, leading to XSS vulnerabilities. \dede\templets\login.htm 6 5 the left and right input type="hidden" name="gotopage" value="? php if!...

1.3 AI score
Exploits 0
OpenVAS
added 2010/03/02 12:0 a.m., 25 views

Fedora Update for chrony FEDORA-2010-1539

Check for the Version of chrony OpenVAS Vulnerability Test Fedora Update for chrony FEDORA-2010-1539 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

5 CVSS, 0.1 AI score, 0.0272 EPSS
Exploits 0, References 2
Fedora
added 2010/02/06 12:7 a.m., 30 views

[SECURITY] Fedora 12 Update: chrony-1.23-8.20081106gitbe42b4.fc12

A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with dial-up Internet connections, and also supports computers in permanently connected environments...

5 CVSS, 3.6 AI score, 0.0272 EPSS
Exploits 0