Lucene search
K

1019 matches found

CVE
CVE
added 2026/04/04 8:25 a.m.18 views

CVE-2026-3445

The CVE-2026-3445 entry documents a vulnerability in the ProfilePress WordPress plugin (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) affecting all versions up to 4.16.11. Root cause: missing ownership verification on the change_plan_sub_i...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.12 views

PT-2026-30316

Name of the Vulnerable Software and Affected Versions ProfilePress versions prior to 4.16.12 Description The ProfilePress plugin for WordPress is susceptible to unauthorized membership payment bypass due to a missing ownership verification on the change plan sub id parameter within the process...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References5
OSV
OSV
added 2026/04/03 1:27 p.m.5 views

JLSEC-2026-47

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4CVSS6.6AI score0.00786EPSS
Exploits0References3
Schneier on Security
Schneier on Security
added 2026/04/02 5:28 p.m.5 views

US Bans All Foreign-Made Consumer Routers

This is for new routers; you don't have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers 1 introduce "a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense" and 2 pose "a severe...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/02 10:59 a.m.7 views

mariadb: MariaDB Server Crash

A flaw was found in MariaDB Server. This vulnerability may allow an attacker to cause a crash via improper handling of join operations in JOIN::fixallsplittingsinplan...

4.9CVSS6.6AI score0.00465EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.5 views

CVE-2026-30522

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6.5CVSS6AI score0.00255EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/01 3:31 p.m.4 views

EUVD-2026-17897

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

6.5CVSS5.9AI score0.00303EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/31 11:2 p.m.6 views

nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2), nautobot-capacity-metrics (=4.0.0a1) +12 more potentially affected by CVE-2026-34203 via nautobot (=3.0.0rc2)

nautobot PYPI version =3.0.0rc2 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-bgp-models =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1...

4.3CVSS5.8AI score0.00245EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...

9.9CVSS5.9AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.3 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

6.5CVSS5.9AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.7 views

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/17 9:25 a.m.128 views

Assignment

Assignment Sql injection on a...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS0.00512EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 8:29 p.m.32 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS0.00512EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:29 p.m.6 views

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2026/03/13 8:29 p.m.62 views

CVE-2026-32621

CVE-2026-32621 affects Apollo Federation’s gateway, with a root cause in query plan execution leading to possible pollution of Object.prototype. The advisory and CVE entry indicate the issue exists prior to fixes in versions 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, involving either crafted oper...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 7:16 p.m.2 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

6.5CVSS0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/12 12:0 a.m.4 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

5.9AI score0.0027EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 12:0 a.m.1 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

5.8AI score0.0027EPSS
Exploits0References4
Rows per page
Query Builder