Lucene search
+L

58 matches found

nuclei
nuclei
added yesterday16 views

GiveWP - Missing Authorization to Settings Update

GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...

5.3CVSS6.2AI score0.01881EPSS
Exploits0References4
euvd
euvd
added 2026/06/11 12:32 a.m.12 views

EUVD-2026-36137

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS5.3AI score0.00104EPSS
Exploits0References3
nvd
nvd
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53736

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS0.00104EPSS
Exploits0References2
cve
cve
added 2026/06/10 8:39 p.m.19 views

CVE-2026-53736

CVE-2026-53736 affects the Easy Twitter Feeds WordPress plugin prior to 1.2.13. The issue is a cross-site request forgery in the duplicate_post action handler that lacks nonce verification. An attacker could entice an authenticated user to visit a crafted link that duplicates posts regardless of ...

5.1CVSS5.3AI score0.00104EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/10 1:59 p.m.7 views

CVE-2026-45549 Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS5.5AI score0.00199EPSS
Exploits0References1
osv
osv
added 2026/06/10 1:59 p.m.3 views

CVE-2026-45549 Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS6AI score0.00199EPSS
Exploits0References3
cve
cve
added 2026/06/10 1:59 p.m.28 views

CVE-2026-45549

CVE-2026-45549 affects Roxy-WI web interface for managing HAProxy/Nginx/Apache/Keepalived. In versions 8.2.6.4 and prior, the code path agent_action (app/routes/smon/agent_routes.py:166-179) uses @bp.post('/agent/action/') and @jwt_required() with no role or group ownership check on the server_ip...

8.5CVSS5.5AI score0.00199EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.20 views

PT-2026-48550

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS5.3AI score0.00104EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Do not clone flow post-action attributes a second time. The code already clones post-action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is an error remaining from the original...

5.4AI score0.00168EPSS
Exploits0References1
nvd
nvd
added 2026/04/08 7:16 a.m.5 views

CVE-2026-3480

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...

6.5CVSS0.00342EPSS
Exploits0References7
nvd
nvd
added 2026/03/24 6:16 p.m.5 views

CVE-2026-33162

Craft CMS is a content management system CMS. From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:sectionUid permission for either...

7.1CVSS0.00288EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/31 1:58 p.m.4 views

CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

5.8CVSS5.6AI score0.00168EPSS
Exploits0References4
susecve
susecve
added 2025/12/31 12:27 a.m.3 views

SUSE CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

7CVSS6.8AI score0.00168EPSS
Exploits0References6
nessus
nessus
added 2025/12/31 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-54262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another...

7.5AI score0.00168EPSS
Exploits0References3
euvd
euvd
added 2025/12/30 3:30 p.m.4 views

EUVD-2023-60379

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

6.3AI score0.00168EPSS
Exploits0References5
nvd
nvd
added 2025/12/30 1:16 p.m.4 views

CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

0.00168EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2025/12/30 1:16 p.m.3 views

CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

5.7AI score0.00168EPSS
Exploits0References6
osv
osv
added 2025/12/30 1:16 p.m.6 views

UBUNTU-CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

5.7AI score0.00168EPSS
Exploits0References7
cvelist
cvelist
added 2025/12/30 12:15 p.m.22 views

CVE-2023-54262 net/mlx5e: Don't clone flow post action attributes second time

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

0.00168EPSS
Exploits0References4
debiancve
debiancve
added 2025/12/30 12:15 p.m.4 views

CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

5.3AI score0.00168EPSS
Exploits0
Rows per page
Query Builder