Lucene search
K

12 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51690

Name of the Vulnerable Software and Affected Versions Devs Accounting – Simple Accounting and Invoicing Solution versions prior to 1.2.1 Description A missing capability check in the delete single account function allows unauthorized modification or deletion of data. The REST route...

5.3CVSS5.9AI score0.00227EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/04 1:34 p.m.34 views

CVE-2026-10860 MISP CRUDComponent delete validation bypass via operator precedence error

A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the expression was evaluated as $validationError === null && POST || DELETE, meaning a DELETE request...

7.9CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/17 11:51 p.m.4 views

CVE-2026-40581 ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...

8.1CVSS5.7AI score0.00199EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/11 5:1 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the api/internal/sftp-event endpoint. An attacker can remove database records associated with media files by crafting custom HTTP requests that simulate internal SFTP events, provided they have knowledge of vali...

6.3CVSS6.8AI score0.00205EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-1980

Malware in sbrugna...

6.8CVSS6.4AI score0.01465EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.8 views

CVE-2024-23751

LlamaIndex aka llamaindex through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...

9.8CVSS7.7AI score0.00654EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.10 views

CVE-2023-2628

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...

8.8CVSS6.9AI score0.00389EPSS
Exploits2References1
Prion
Prion
added 2022/11/29 9:15 p.m.14 views

Cross site request forgery (csrf)

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...

4.3CVSS6.2AI score0.0042EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.5 views

PT-2022-24635 · WordPress · Wp-Affiliate-Platform

Name of the Vulnerable Software and Affected Versions: WP Affiliate Platform plugin for WordPress versions up to, and including, 6.3.9 Description: The issue is due to missing or incorrect nonce validation on various functions, including the affiliates menu method. This allows unauthenticated...

8.8CVSS6.8AI score0.0042EPSS
Exploits0References6
wpexploit
wpexploit
added 2021/07/30 12:0 a.m.678 views

JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection

The plugin does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues https://example.com/wp-admin/admin.php?page=jiangqieowfreefeedback&action=detail&id=1+AND+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29a%29 Could also make a logged i...

8.8CVSS1.1AI score0.01608EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.5 views

ISC BIND 安全漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from ISC USA. A security vulnerability exists in ISC BIND that causes the receiving named server to inadvertently delete SOA records for problematic zones from the zone database...

6.5CVSS7AI score0.0594EPSS
Exploits0References34
Prion
Prion
added 2015/03/09 4:59 p.m.12 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Contact Form DB aka CFDB and contact-form-7-to-database-extension plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the...

6.8CVSS7.6AI score0.01465EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder