Lucene search
+L

621 matches found

Cvelist
Cvelist
added 2026/02/04 4:8 p.m.25 views

CVE-2026-23090 slimbus: core: fix device reference leak on report present

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...

0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/02/04 4:8 p.m.3 views

CVE-2026-23090 slimbus: core: fix device reference leak on report present

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...

5.5CVSS5.2AI score0.00123EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/02/02 11:1 p.m.30 views

CVE-2025-6593 "{{SITENAME}} registered email address has been changed" email sent to unverified email addresses

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

2.1CVSS0.00396EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.11 views

Fortinet FortiManager SSO authentication bypass (FG-IR-26-060)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyze...

9.8CVSS6.1AI score0.85844EPSS
Exploits0References3
NVD
NVD
added 2026/01/27 8:16 p.m.9 views

CVE-2026-24858

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...

9.8CVSS0.85844EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/27 7:18 p.m.179 views

CVE-2026-24858

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...

9.8CVSS0.85844EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.9 views

PT-2026-5008

Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 7.0.0 through 7.0.15 FortiAnalyzer versions 7.2.0 through 7.2.11 FortiAnalyzer versions 7.4.0 through 7.4.9 FortiAnalyzer versions 7.6.0 through 7.6.5 FortiManager versions 7.0.0 through 7.0.15 FortiManager versions 7.2....

10CVSS7.6AI score0.85844EPSS
Exploits0References243
Debian CVE
Debian CVE
added 2026/01/14 3:7 p.m.20 views

CVE-2025-71141

In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drmkmshelperpollfini and drmatomichelpershutdown helpers should only be called when the device has been successfully registered. Currently, these functions are called...

5.5CVSS5.2AI score0.00117EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.7 views

CVE-2025-13369

The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...

6.1CVSS5.6AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.6 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS6.5AI score0.01477EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.12 views

CVE-2019-12361

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page...

6.1CVSS5.9AI score0.00413EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.5 views

CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

7.5CVSS5.5AI score0.00283EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 8:21 a.m.21 views

CVE-2025-13493

CVE-2025-13493 concerns the WordPress plugin “Latest Registered Users.” It allows unauthenticated attackers to export complete user details (except passwords and tokens) in CSV via the action parameter, due to missing authorization and nonce validation in rnd_handle_form_submit hooked to admin_po...

7.5CVSS5.5AI score0.00283EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 7:17 a.m.28 views

CVE-2025-13369 Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting

The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...

6.1CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/01/07 7:17 a.m.15 views

CVE-2025-13369

CVE-2025-13369 concerns Premmerce WooCommerce Customers Manager for WordPress. The Wordfence report confirms a Reflected Cross-Site Scripting (XSS) vulnerability in the plugin, exploitable via the money_spent_from, money_spent_to, registered_from, and registered_to parameters in all versions up t...

6.1CVSS5.3AI score0.00269EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/07 6:55 a.m.10 views

WordPress Latest Registered Users plugin <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability discovered by Legion Hunter in WordPress Plugin Latest Registered Users versions = 1.4...

7.5CVSS6.7AI score0.00283EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.6 views

WordPress plugin Latest Registered Users 安全漏洞

...

7.5CVSS6.7AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-1588

Name of the Vulnerable Software and Affected Versions The Latest Registered Users plugin for WordPress versions prior to 1.5 Description The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...

7.5CVSS6.4AI score0.00283EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992724)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992724 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: defer registered files gc to iouring release Instead of putting iouring's...

7.8CVSS6.4AI score0.00153EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992471 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: defer registered files gc to iouring release Instead of putting iouring's...

7.8CVSS6.4AI score0.00153EPSS
Exploits0References4
Rows per page
Query Builder