CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

GiveWP - Missing Authorization to Settings Update

GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...

5.3CVSS6AI score0.01881EPSS

Exploits0References4

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Do not clone flow post-action attributes a second time. The code already clones post-action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is an error remaining from the original...

5.4AI score0.00168EPSS

Exploits0References1

EUVD•added 2026/06/11 12:32 a.m.•7 views

EUVD-2026-36137

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS5.3AI score0.00104EPSS

Exploits0References3

NVD•added 2026/06/10 10:17 p.m.•10 views

CVE-2026-53736

5.1CVSS0.00104EPSS

Exploits0References2

CVE•added 2026/06/10 8:39 p.m.•13 views

CVE-2026-53736

CVE-2026-53736 affects the Easy Twitter Feeds WordPress plugin prior to 1.2.13. The issue is a cross-site request forgery in the duplicate_post action handler that lacks nonce verification. An attacker could entice an authenticated user to visit a crafted link that duplicates posts regardless of ...

5.1CVSS5.3AI score0.00104EPSS

Exploits0References2

Vulnrichment•added 2026/06/10 1:59 p.m.•6 views

CVE-2026-45549 Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS5.5AI score0.00199EPSS

Exploits0References1

CVE•added 2026/06/10 1:59 p.m.•17 views

CVE-2026-45549

CVE-2026-45549 affects Roxy-WI web interface for managing HAProxy/Nginx/Apache/Keepalived. In versions 8.2.6.4 and prior, the code path agent_action (app/routes/smon/agent_routes.py:166-179) uses @bp.post('/agent/action/') and @jwt_required() with no role or group ownership check on the server_ip...

8.5CVSS5.5AI score0.00199EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•8 views

PT-2026-48550

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS5.3AI score0.00104EPSS

Exploits0References3

NVD•added 2026/04/08 7:16 a.m.•3 views

CVE-2026-3480

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...

6.5CVSS0.00342EPSS

Exploits0References7

NVD•added 2026/03/24 6:16 p.m.•3 views

CVE-2026-33162

Craft CMS is a content management system CMS. From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:sectionUid permission for either...

7.1CVSS0.00288EPSS

Exploits0References3

RedhatCVE•added 2025/12/31 1:58 p.m.•2 views

CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

5.8CVSS5.6AI score0.00168EPSS

Exploits0References4

SUSE CVE•added 2025/12/31 12:27 a.m.•1 views

SUSE CVE-2023-54262

7CVSS6.8AI score0.00168EPSS

Exploits0References6

Tenable Nessus•added 2025/12/31 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2023-54262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another...

7.5AI score0.00168EPSS

Exploits0References3

EUVD•added 2025/12/30 3:30 p.m.•3 views

EUVD-2023-60379

6.3AI score0.00168EPSS

Exploits0References5

NVD•added 2025/12/30 1:16 p.m.•3 views

CVE-2023-54262

0.00168EPSS

Exploits0References4

UbuntuCve•added 2025/12/30 1:16 p.m.•1 views

CVE-2023-54262

5.7AI score0.00168EPSS

Exploits0References6

OSV•added 2025/12/30 1:16 p.m.•3 views

UBUNTU-CVE-2023-54262

5.7AI score0.00168EPSS

Exploits0References7

OSV•added 2025/12/30 12:15 p.m.•2 views

CVE-2023-54262 net/mlx5e: Don't clone flow post action attributes second time

6.7AI score0.00168EPSS

Exploits0References7

Cvelist•added 2025/12/30 12:15 p.m.•21 views

CVE-2023-54262 net/mlx5e: Don't clone flow post action attributes second time

0.00168EPSS

Exploits0References4

CVE•added 2025/12/30 12:15 p.m.•15 views

CVE-2023-54262

CVE-2023-54262 affects the Linux kernel’s mlx5 networking stack (net/mlx5e). The issue arises from cloning flow post-action attributes twice: mlx5e_clone_flow_attr_for_post_act() already clones, and mlx5e_tc_post_act_add() clones again, creating a double-copy that can lead to a use-after-free in ...

6.4AI score0.00168EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by