6182 matches found
CVE-2026-1254
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API...
CVE-2026-1254 Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API...
CVE-2026-1254
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API...
PT-2026-8047
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...
PT-2026-8098
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API...
WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability
WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin = 2.13.6 - Missing Authorization to Authenticated Contributor+ Arbitrary Post/Page Editing vulnerability discovered by type5afe in WordPress Plugin Modula Image Gallery versions = 2.13.6...
CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
GHSA-8WC6-VGRQ-X6CF
creationtimestamp| type| source ---|---|--- 2026-02-13 09:47:36+00:00| seen| https://bsky.app/profile/renovatebot.com/post/3meq7zfb6b22w 2026-02-13 09:47:37+00:00| seen| https://bsky.app/profile/renovatebot.com/post/3meq7zfbg322w 2026-02-14 14:10:28+00:00| seen|...
CVE-2026-21521
creationtimestamp| type| source ---|---|--- 2026-02-13 04:55:23+00:00| seen| https://bsky.app/profile/yourlamentablefriends.com/post/3meppoqajec2e 2026-02-13 04:55:29+00:00| seen| https://bsky.app/profile/yourlamentablefriends.com/post/3mepposicac2e 2026-02-13 04:55:33+00:00| seen|...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.1.2 and earlier of the 11.1.x series, as well as versions 10.11.9 and earlier of the 10.11.x series, and 11.2.1 and earlier of the 11.2.x series. These...
PT-2026-7985
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 Description The software does not properly validate user permissions when creating Jira issues from Mattermost post...
CVE-2026-26217
creationtimestamp| type| source ---|---|--- 2026-02-12 16:00:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3meoeev3veh2u 2026-02-12 16:00:20+00:00| seen| https://infosec.exchange/users/offseq/statuses/116058489848351725 2026-02-13 09:23:33+00:00| seen|...
CVE-2025-14014
creationtimestamp| type| source ---|---|--- 2026-02-12 15:51:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meoduiqdr323 2026-02-12 15:52:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meodw5kv6v2v...
CVE-2026-1104
creationtimestamp| type| source ---|---|--- 2026-02-12 15:51:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meodubg5xh22 2026-02-12 15:51:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meodvwpncu2g...
CVE-2025-10969
creationtimestamp| type| source ---|---|--- 2026-02-12 14:19:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meo6qfj3az25 2026-02-12 14:20:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meo6sispdb24 2026-02-12 14:23:04+00:00| seen|...
CVE-2026-2007
creationtimestamp| type| source ---|---|--- 2026-02-12 14:19:14+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meo6q6pof52g 2026-02-12 14:19:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meo6qzakzl2r 2026-02-13 15:05:18+00:00| seen|...
CVE-2026-2006
creationtimestamp| type| source ---|---|--- 2026-02-12 14:18:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meo6p6h2br25 2026-02-12 14:19:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meo6pxuj7e2g 2026-02-13 15:05:17+00:00| seen|...
CVE-2019-25306
creationtimestamp| type| source ---|---|--- 2026-02-12 14:16:18+00:00| seen| https://bsky.app/profile/postacc.bsky.social/post/3meo6kxhekw2u 2026-02-12 14:23:34+00:00| seen| https://bsky.app/profile/postacc.bsky.social/post/3meo6xwvnkp2u 2026-02-12 14:32:29+00:00| seen|...
CVE-2026-2295
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...