Lucene search
K

1017 matches found

EUVD
EUVD
added 2026/03/11 3:31 a.m.4 views

EUVD-2026-11073

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/11 2:22 a.m.5 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/11 2:22 a.m.4 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/11 2:22 a.m.29 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS0.00379EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/11 2:22 a.m.4 views

EUVD-2026-11074

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 2:22 a.m.15 views

CVE-2026-3453

Affected software: ProfilePress plugin for WordPress (versions up to and including 4.16.11). Vulnerability details: Insecure Direct Object Reference due to missing ownership validation on the change_plan_sub_id parameter in process_checkout()’s AJAX handler. The handler loads a subscription and c...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 12:0 a.m.11 views

CVE-2025-66956

CVE-2025-66956 affects Asseco SEE Live 2.0’s Contact Plan, E-Mail, SMS and Fax components. Insecure access control permits remote attackers to access and execute attachments via a computable URL. Root cause is described as improper authorization checks in these components; the impact is remote ac...

9.9CVSS5.9AI score0.00485EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24568

Name of the Vulnerable Software and Affected Versions ProfilePress versions prior to 4.16.11 Description The ProfilePress plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is a result of a lack of ownership validation on the change plan sub id parameter within...

8.1CVSS5.9AI score0.00379EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/11 12:0 a.m.3 views

CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...

5.9AI score0.00485EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 12:0 a.m.28 views

CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...

0.00485EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.1 views

CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...

9.9CVSS5.9AI score0.00485EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

Asseco SEE Live 安全漏洞

Asseco SEE Live is a real-time customer interaction and notification management system for financial services offered by the Polish company Asseco. Version 2.0 of Asseco SEE Live contains a security vulnerability. This vulnerability stems from improper access control in the Contact Plan, E-Mail,...

9.9CVSS5.9AI score0.00485EPSS
Exploits0References3
Hacker One
Hacker One
added 2026/03/08 8:8 a.m.20 views

Lovable VDP: Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription

A business logic vulnerability was identified that allowed users on a free plan to generate an invitation link that assigned the "Read Access" role, which was intended to be restricted to users with a Pro Plan subscription. The vulnerability was triggered by manipulating the invitation creation...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.6 views

CVE-2025-30413

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...

4.4CVSS5.8AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.6 views

CVE-2025-11790

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...

4.4CVSS5.8AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 12:31 a.m.7 views

EUVD-2025-208333

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...

4.4CVSS5.9AI score0.00153EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/06 12:31 a.m.6 views

EUVD-2025-208330

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...

4.4CVSS5.9AI score0.00114EPSS
Exploits0References3
OSV
OSV
added 2026/03/06 12:16 a.m.7 views

CVE-2025-30413

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...

4.4CVSS5.8AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 12:16 a.m.6 views

CVE-2025-30413

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...

4.4CVSS0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 12:16 a.m.4 views

CVE-2025-11790

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...

4.4CVSS5.8AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder