Lucene search
K

2978 matches found

NVD
NVD
added 2026/04/09 5:16 a.m.4 views

CVE-2026-1830

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...

9.8CVSS0.03092EPSS
Exploits3References4
CVE
CVE
added 2026/04/09 3:25 a.m.15 views

CVE-2026-1830

The CVE concerns the WordPress plugin Quick Playground (version range: all up to 1.3.1). The vulnerability arises from insufficient authorization checks on REST API endpoints that expose a sync code and permit arbitrary file uploads, enabling unauthenticated Remote Code Execution . Attackers coul...

9.8CVSS6.7AI score0.03092EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2026/04/09 3:25 a.m.3 views

CVE-2026-1830 Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...

9.8CVSS6.7AI score0.03092EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:25 a.m.7 views

CVE-2026-1830

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...

9.8CVSS6.7AI score0.03092EPSS
Exploits3References5
Cvelist
Cvelist
added 2026/04/09 3:25 a.m.40 views

CVE-2026-1830 Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...

9.8CVSS0.03092EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31577

Name of the Vulnerable Software and Affected Versions The Quick Playground plugin for WordPress versions up to and including 1.3.1 Description The Quick Playground plugin for WordPress is susceptible to Remote Code Execution due to inadequate authorization checks on REST API endpoints. These...

9.8CVSS6.6AI score0.03092EPSS
Exploits3References14
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

WordPress plugin Quick Playground 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.8CVSS6.2AI score0.03092EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2026/04/07 4:8 p.m.3 views

Intel (R): From CVEorg collector

Missing protection mechanism for alternate hardware interface in the Intel® Quick Assist Technology for some Intel® Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of...

7.9CVSS5.8AI score0.00151EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2026/04/07 11:57 a.m.6 views

Traffic violation scams swap links for QR codes to steal your card details

As soon as people start to get to grips with a certain type of scam, criminals deploy new tactics to keep stealing money. Now people have learned to distrust links in text messages, scammers have changed the bait, and in 2026 the “new link” is often a QR code tucked inside a fake notice. The late...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/02 10:53 a.m.3 views

CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

8.8CVSS5.9AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 12:31 p.m.3 views

EUVD-2026-17867

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 11:15 a.m.6 views

CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

8.8CVSS0.00236EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/01 11:15 a.m.4 views

CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

8.8CVSS5.9AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 11:15 a.m.3 views

UBUNTU-CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

8.8CVSS5.8AI score0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/01 10:7 a.m.2 views

CVE-2026-24096 Insufficient permission validation on multiple REST API Quick Setup endpoints

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 10:7 a.m.13 views

CVE-2026-24096

CVE-2026-24096 affects Checkmk and stems from insufficient permission validation on multiple REST API Quick Setup endpoints. The vulnerability allows low-privileged users to perform unauthorized actions or obtain sensitive information in Checkmk 2.5.0 (beta) before 2.5.0b2 and 2.4.0 before 2.4.0p...

8.8CVSS5.9AI score0.00236EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.3 views

CVE-2026-5156

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

9CVSS7.8AI score0.00632EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0b2 and 2.4.0p25 contained security vulnerabilities. These vulnerabilities stemmed from insufficient permission validation for multiple REST API quick-setup endpoints, which could allow...

8.8CVSS5.8AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.5 views

CVE-2026-4961

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

9CVSS7.9AI score0.00773EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 5:16 p.m.3 views

CVE-2026-4961

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

9CVSS0.00773EPSS
Exploits1References5
Rows per page
Query Builder