Lucene search
+L

61 matches found

cvelist
cvelist
added 2026/07/01 4:55 p.m.36 views

CVE-2026-57720 WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS0.00203EPSS
Exploits0References1
nvd
nvd
added 2026/06/26 3:16 p.m.7 views

CVE-2026-54834

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-54834 WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
osv
osv
added 2026/05/18 1:26 p.m.12 views

CLEANSTART-2026-AN27706 Security fixes for CVE-2026-22815, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-33175, CVE-2026-34052, CVE-2026-34073, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-44431, CVE-2026-44432, ghsa-752w-5fwx-jx9f, ghsa-78cv-mqj4-43f7, ghsa-gc5v-m9x4-r6x2, ghsa-jr27-m4p2-rc6r, ghsa-m959-cc7f-wv43, ghsa-qjxf-f2mg-c6mc applied in versions: 4.3.2-r0, 4.3.2-r1, 4.3.2-r2, 4.3.2-r3

Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS7.3AI score0.00803EPSS
Exploits2References43
vulnrichment
vulnrichment
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.16 views

PT-2026-40268

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

9.3CVSS5.8AI score0.00434EPSS
Exploits0References3
ibm
ibm
added 2026/05/05 9:58 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to versi...

6.3CVSS5.7AI score0.00154EPSS
Exploits0Affected Software1
osv
osv
added 2026/04/30 2:16 p.m.6 views

DEBIAN-CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

7.2CVSS5.9AI score0.0081EPSS
Exploits1References1
ibm
ibm
added 2026/04/28 7:25 p.m.3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. T...

4.8CVSS5.1AI score0.00112EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/04/13 9:48 p.m.4 views

Security Bulletin: vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty

Summary vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...

7.5CVSS5.9AI score0.004EPSS
Exploits0Affected Software1
snyk
snyk
added 2026/04/06 6:3 p.m.5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

8.2CVSS5.7AI score0.02095EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/03/26 5:0 p.m.9 views

CVE-2026-22495

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through = 1.3.2...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
cve
cve
added 2026/03/13 11:42 a.m.14 views

CVE-2026-32447

The CVE concerns the WordPress Atarim plugin (atarim-visual-collaboration) with versions up to and including 4.3.2. The issue is a Missing Authorization vulnerability caused by incorrectly configured access control security levels, enabling unauthorized exposure or actions. Affected scope: Atarim...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References1
euvd
euvd
added 2026/03/12 2:22 a.m.8 views

EUVD-2026-11509

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.002EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-23802 WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through = 3.3.2...

9.1CVSS5.8AI score0.00465EPSS
Exploits0References1
osv
osv
added 2026/03/05 2:16 a.m.8 views

AZL-79391 CVE-2026-3381 affecting package kata-containers 3.19.1.kata2-6

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

9.8CVSS5.7AI score0.00548EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/02/19 8:35 p.m.4 views

CVE-2026-27327

Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a through = 4.3.2...

5.5AI score0.002EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.10 views

PT-2026-20294

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

5.3CVSS5.5AI score0.00307EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/01/23 12:0 a.m.11 views

WordPress plugin Edwiser Bridge has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 10:47 a.m.8 views

CVE-2022-31357

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit=...

9.8CVSS8.3AI score0.01026EPSS
Exploits1References1
Rows per page
Query Builder