21946 matches found

CVE
added 2026/04/15 10:21 a.m. | 9 views

CVE-2026-40737

The CVE concerns WordPress COMPE plugin

CVSS 5.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1

Patchstack
added 2026/04/15 3:41 a.m. | 6 views

WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability

Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions <= 3.15.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/04/15 3:17 a.m. | 4 views

MINI-CMMW-4R52-25V7

Bulletin has no description...

CVSS 6.1 | AI score 5.7 | EPSS 0.0024
Exploits: 0

Cvelist
added 2026/04/15 1:25 a.m. | 33 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

CVSS 4.3 | EPSS 0.00269
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/15 1:25 a.m. | 4 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

CVSS 4.3 | AI score 5.7 | EPSS 0.00269
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/15 12:0 a.m. | 5 views

PT-2026-34562

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.1. Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that results in long runtimes. This is achieved by using cross-reference streams with incorrect large /Size values or object...

CVSS 6.9 | AI score 5.1 | EPSS 0.00297
Exploits: 0 | References: 17

CNVD
added 2026/04/15 12:0 a.m. | 7 views

Adobe Framemaker Out-of-Bounds Read Vulnerability (CNVD-2026-19997)

Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. Adobe Framemaker suffers from an out-of-bounds read vulnerability that could be exploited by an attacker to cause...

CVSS 7.8 | AI score 6.2 | EPSS 0.00173
Exploits: 0

Circl
added 2026/04/14 11:54 p.m. | 7 views

CVE-2017-8625

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-14 23:54:15+00:00 | seen | https://gist.github.com/Jere7/d88eaa16f205413c550fd1409011e92c... |

CVSS 8.8 | AI score 7.3 | EPSS 0.15257
Exploits: 4 | References: 1

Github Security Blog
added 2026/04/14 11:42 p.m. | 7 views

Defense in Depth update for NuGet Client

Impact: This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches (NuGet): The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 3

NVD
added 2026/04/14 11:16 p.m. | 6 views

CVE-2026-33023

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in load_with_gdkpixbuf in loader.c. The cleanup path manually frees the sixel_frame_t object and its interna...

CVSS 7.8 | EPSS 0.00289
Exploits: 1 | References: 2

Github Security Blog
added 2026/04/14 10:49 p.m. | 8 views

WWBN AVideo has an IDOR in Live Restreams list.json.php Exposes Other Users' Stream Keys and OAuth Tokens

Summary: The endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream configurations, including third-party platform stream keys and OAut...

CVSS 6.5 | AI score 6 | EPSS 0.00269
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/04/14 10:16 p.m. | 7 views

CVE-2026-34370

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVSS 6.5 | EPSS 0.00227
Exploits: 0 | References: 2

NVD
added 2026/04/14 10:16 p.m. | 4 views

CVE-2026-34602

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...

CVSS 7.1 | EPSS 0.00203
Exploits: 0 | References: 5

OSV
added 2026/04/14 10:16 p.m. | 1 views

UBUNTU-CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif function in fromgif.c, where a single sixel_frame_t object is reused across all frames of an animated GIF and gif_init_frame unconditionally...

CVSS 7 | AI score 5.8 | EPSS 0.00191
Exploits: 1 | References: 4

ATTACKERKB
added 2026/04/14 10:5 p.m. | 6 views

CVE-2026-33023

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in load_with_gdkpixbuf in loader.c. The cleanup path manually frees the sixel_frame_t object and its interna...

CVSS 7.8 | AI score 5.8 | EPSS 0.00289
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/14 9:45 p.m. | 20 views

CVE-2026-33018 libsixel: Use-After-Free in load_gif()

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif function in fromgif.c, where a single sixel_frame_t object is reused across all frames of an animated GIF and gif_init_frame unconditionally...

CVSS 7 | EPSS 0.00191
Exploits: 1 | References: 2

CVE
added 2026/04/14 9:45 p.m. | 16 views

CVE-2026-33018

libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...

CVSS 7 | AI score 5.8 | EPSS 0.00191
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/14 9:29 p.m. | 21 views

CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...

CVSS 7.1 | EPSS 0.00203
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/14 9:29 p.m. | 3 views

CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...

CVSS 7.1 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 5

CVE
added 2026/04/14 9:29 p.m. | 12 views

CVE-2026-34602

Chamilo LMS is affected by an IDOR in the /api/course_rel_users endpoint prior to version 2.0.0-RC.3. An authenticated attacker can modify the user parameter in the request body to enroll arbitrary users into courses without proper authorization checks, bypassing enrollment controls and potential...

CVSS 7.1 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 5 | Affected Software: 1