Lucene search
K

10 matches found

EUVD
EUVD
added 2026/04/14 7:43 a.m.3 views

EUVD-2026-22231

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:42 p.m.2 views

CVE-2026-33312

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

5.3CVSS5.8AI score0.00211EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.6 views

CVE-2025-14262

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...

5.3CVSS6.7AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2025/12/08 9:34 a.m.19 views

CVE-2025-14262

KNIME Business Hub vulnerability CVE-2025-14262 affects KNIME Business Hub prior to 1.17.0. A wrong permission check allowed an authenticated user to save another user’s jobs as if owned by the job owner, potentially enabling saves into spaces where the attacker lacked write permissions. The atta...

5.3CVSS6.3AI score0.00158EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/09/30 10:4 a.m.17 views

CVE-2025-7065

The CVE-2025-7065 entry involves PAD CMS photo upload where a client-controlled permission-check parameter allows unauthenticated remote attackers to upload files of any type/extension, potentially leading to Remote Code Execution. Affected are all three templates: www, bip, and ww+bip. The under...

10CVSS7.2AI score0.00583EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/09/09 7:54 p.m.24 views

CVE-2025-58753

Copyparty vulnerability CVE-2025-58753 affects the Copyparty portable file server. The issue is a missing permission check in the shares feature (shr global option) that allowed access to other files in the same folder when a share was created for a single file, by guessing filenames. Subdirector...

7.5CVSS6.2AI score0.00344EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/05/21 2:20 p.m.72 views

CVE-2021-47285

CVE-2021-47285 has been rejected by the CNA and does not represent an active vulnerability entry.

6.8AI score
Exploits0
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.5 views

WordPress Plugin Paid Memberships Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

5.3CVSS6.5AI score0.00508EPSS
Exploits0References5
OSV
OSV
added 2021/06/30 12:3 a.m.11 views

GSD-2021-1000885 net/nfc/rawsock.c: fix a permission check bug

net/nfc/rawsock.c: fix a permission check bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...

7.1AI score
Exploits0
OSV
OSV
added 2021/06/30 12:3 a.m.8 views

UVI-2021-1000885 net/nfc/rawsock.c: fix a permission check bug

net/nfc/rawsock.c: fix a permission check bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...

7.1AI score
Exploits0
Rows per page
Query Builder