Lucene search
K

8338 matches found

NVD
NVD
added 2025/08/28 4:15 a.m.11 views

CVE-2025-0951

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

4.3CVSS0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/28 3:42 a.m.1 views

CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

4.3CVSS5.4AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2025/08/28 3:42 a.m.24 views

CVE-2025-0951

Summary of CVE-2025-0951 (LiquidThemes for WordPress): The issue arises from a missing capability check in the liquid_reset_wordpress_before AJAX path across LiquidThemes plugins/themes, enabling authenticated attackers with Subscriber-level access and above to deactivate all plugins. The root ca...

4.3CVSS6.8AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/28 3:42 a.m.12 views

CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

4.3CVSS0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.3 views

PT-2025-35076

Name of the Vulnerable Software and Affected Versions: bPlugins B Slider versions through 1.1.30 Description: The software contains a missing authorization issue that allows exploiting incorrectly configured access control security levels. Recommendations: At the moment, there is no information...

5.8CVSS6.1AI score0.00203EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/08/28 12:0 a.m.2 views

Ubuntu: Security Advisory (USN-7717-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.5AI score0.00578EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/08/28 12:0 a.m.5 views

Mattermost Server 9.11.x < 9.11.18 / 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.2 / 10.10.0 (MMSA-2025-00500)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00500 advisory. - Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.9, 9.11.x = 9.11.18 fail to properly validate file paths during plugin import operation...

6.8CVSS5.5AI score0.00461EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/08/28 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7716-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.6CVSS7.5AI score0.00428EPSS
Exploits3References2
Patchstack
Patchstack
added 2025/08/27 11:56 p.m.6 views

WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

Missing Authorization to Authenticated Subscriber+ All Plugins Deactivated vulnerability discovered by Lucio Sá in WordPress Theme Hub versions = 1.2.12...

4.3CVSS7AI score0.00182EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/27 11:12 p.m.5 views

MAL-2025-41441 Malicious code in @nx/node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2af988f9c4fc2229b1c898c346bb959612eb11fe9a5065e686c47328bee221e0 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

9.6CVSS7.6AI score0.00527EPSS
Exploits0References2
NVD
NVD
added 2025/08/27 6:15 p.m.2 views

CVE-2025-58202

Cross-Site Request Forgery CSRF vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through = 1.0.32...

4.3CVSS0.00119EPSS
Exploits0References1
CVE
CVE
added 2025/08/27 5:45 p.m.12 views

CVE-2025-58202

CVE-2025-58202 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Simple Page Access Restriction , affecting versions up to and including 1.0.32 . The CVE notes a CSRF flaw that could allow unauthorized actions on behalf of authenticated users; the published CVSS ...

4.3CVSS5.9AI score0.00119EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/08/27 1:12 a.m.5 views

@alauda-fe/create-alauda-mfe-plugin (>=0.0.1 <=0.0.2), @apj-pace/pace-nx-plugin (>=0.0.2 <=0.0.5) +75 more potentially affected by CVE-2025-10894 via nx (>=20.0.0-beta.0 <=20.0.9)

nx NPM version =20.0.0-beta.0, =0.0.1, =0.0.2, =0.0.0, =0.5.0, =0.0.1, =0.0.25, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-canary.20240926-529ab94 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NX-12205542...

9.6CVSS5.8AI score0.00527EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/27 1:12 a.m.7 views

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/config (>=0.0.4 <=0.0.34) +177 more potentially affected by CVE-2025-10894 via @nx/workspace (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)

@nx/workspace NPM version =20.0.0-beta.0, =0.0.4, =0.0.47, =0.0.1, =0.0.2, =0.0.4, =0.0.9, =0.0.0, =1.0.0, =1.0.0, =0.5.0, =0.4.1, =0.4.6 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXWORKSPACE-12205641...

9.6CVSS5.8AI score0.00527EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.3 views

PT-2025-39354

Name of the Vulnerable Software and Affected Versions Nx affected versions not specified Description A malicious code insertion occurred within the Nx build system package and associated plugins, distributed through the npm software registry as part of a supply-chain attack. The compromised...

9.6CVSS7.5AI score0.00527EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.9 views

TencentOS Server 4: gstreamer1-plugins-good (TSSA-2025:0705)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0705 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.1CVSS7.8AI score0.00578EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : GStreamer Good Plugins vulnerabilities (USN-7717-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7717-1 advisory. Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these...

8.1CVSS7.7AI score0.00578EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-13351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 as distributed with alsa-plugins 1.1.7 and later has a double file descriptor close issue during a...

8.1CVSS7.6AI score0.017EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2025/08/26 1:18 p.m.5 views

USN-7717-1: GStreamer Good Plugins vulnerabilities

Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly disclose sensitive information...

8.1CVSS6.5AI score0.00578EPSS
Exploits2
OSV
OSV
added 2025/08/26 1:18 p.m.2 views

USN-7717-1 gst-plugins-good1.0 vulnerabilities

Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly disclose sensitive information...

8.1CVSS5.8AI score0.00578EPSS
Exploits2References3
Rows per page
Query Builder