21955 matches found

Patchstack
added 2026/04/13 8:37 a.m. | 5 views

WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability

Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions <= 1.9.3...

CVSS 8.8 | AI score 5.8 | EPSS 0.00406
Exploits 0 | References 1 | Affected Software 1

GithubExploit
added 2026/04/13 2:55 a.m. | 126 views

sigma-audit

Sigma Stack Audit Full-spectrum security audit combining five...

CVSS 9.1 | AI score 5.8 | EPSS 0.99621
Exploits 58

OSV
added 2026/04/13 2:32 a.m. | 3 views

MINI-WG89-M8Q4-HXVJ

Bulletin has no description...

CVSS 6.1 | AI score 5.7 | EPSS 0.0029
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 3 views

MINI-P6FV-34J8-VPG5

Bulletin has no description...

CVSS 5.5 | AI score 5.7 | EPSS 0.0029
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 2 views

MINI-HJJH-VC7V-VJ8W

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00349
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 1 views

MINI-F324-QXRQ-JV5R

Bulletin has no description...

CVSS 9 | AI score 5.7 | EPSS 0.00658
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 1 views

MINI-Q58W-G485-7WPC

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00349
Exploits 0

Packet Storm
added 2026/04/13 12:0 a.m. | 105 views

📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference

WBCE CMS versions prior to 1.6.4 suffer from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...

CVSS 8.8 | AI score 5.8 | EPSS 0.00331
Exploits 3

Packet Storm
added 2026/04/13 12:0 a.m. | 99 views

📄 ChurchCRM Cross Site Scripting

ChurchCRM versions 6.5.2 and below suffer from a persistent cross site scripting vulnerability in the person property assignment functionality. Note that the advisory says versions 6.3.0 and below are affected but the CVE entry states versions prior to 6.5.3. CVE-2025-67875: ChurchCRM has stored...

CVSS 8.5 | AI score 5.2 | EPSS 0.00164
Exploits 3

CNNVD
added 2026/04/13 12:0 a.m. | 8 views

EspoCRM Security Vulnerability

EspoCRM is an open-source, web-based Customer Relationship Management system (CRM) developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. EspoCRM versions 9.3.3 and earlier contained security vulnerabilities. These vulnerabilities...

CVSS 5.4 | AI score 5.8 | EPSS 0.00211
Exploits 1 | References 3

Positive Technologies
added 2026/04/13 12:0 a.m. | 6 views

PT-2026-32522

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

CVSS 5.4 | AI score 5.8 | EPSS 0.00211
Exploits 1 | References 5

Positive Technologies
added 2026/04/13 12:0 a.m. | 10 views

PT-2026-32282

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

AI score 5.7 | EPSS 0.00339
Exploits 0 | References 4

Patchstack
added 2026/04/12 11:23 p.m. | 4 views

WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions <= 3.9.7...

CVSS 4.3 | AI score 5.8 | EPSS 0.00358
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/04/12 11:15 p.m. | 3 views

WordPress YITH WooCommerce Wishlist plugin < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability

Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin YITH WooCommerce Wishlist versions < 4.13.0...

CVSS 6.5 | AI score 5.8 | EPSS 0.00226
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/04/12 8:17 p.m. | 3 views

MINI-V6HH-PF76-C6H8

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.0034
Exploits 0

OSV
added 2026/04/12 8:17 p.m. | 2 views

MINI-694W-M6HX-8PVC

Bulletin has no description...

CVSS 5.5 | AI score 5.7 | EPSS 0.0029
Exploits 0

OSV
added 2026/04/12 8:4 p.m. | 2 views

MINI-Q75W-F4PF-HJXW

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00621
Exploits 0

OSV
added 2026/04/12 8:0 p.m. | 4 views

MINI-R9WG-FPV6-Q398

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00349
Exploits 0

OSV
added 2026/04/12 1:45 p.m. | 1 views

MINI-654P-55XW-Q343

Bulletin has no description...

CVSS 6.1 | AI score 6.7 | EPSS 0.0034
Exploits 0

OSV
added 2026/04/12 2:32 a.m. | 4 views

MINI-76WR-5PR2-57R6

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00621
Exploits 0