Lucene search
K

9 matches found

NVD
NVD
added 2026/06/17 1:21 p.m.8 views

CVE-2026-8383

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

5.3CVSS0.00424EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 6:0 a.m.27 views

CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

0.00424EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 6:0 a.m.14 views

CVE-2026-8383

The CVE-2026-8383 entry affects the LearnPress WordPress plugin (prior to version 4.3.7). The issue is a missing access control check on a REST endpoint: the edit context is not gated behind the edit_users capability, allowing unauthenticated visitors to retrieve per-user data including roles, fu...

5.3CVSS5.2AI score0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50244

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.7 Description An information disclosure issue exists where the edit context on a REST endpoint is not properly restricted by the edit users capability. This allows unauthenticated visitors to retrieve sensitive...

5.3CVSS5.8AI score0.00424EPSS
Exploits0References3
Circl
Circl
added 2025/07/28 3:40 p.m.15 views

CVE-2025-4056

creationtimestamp| type| source ---|---|--- 2025-07-28 15:40:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3luzwj5k2io2q 2026-01-08 05:04:36+00:00| seen| Telegram/WxrxB6nrBwZwliVPEyx9PqLlLqeacusuGOqkaC87KoVWLg0 2026-02-02 14:20:51+00:00| seen|...

7.5CVSS4.5AI score0.00436EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/12 6:50 p.m.10 views

CVE-2025-49578 Citizen allows stored XSS in user registration date message

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS6.8AI score0.0035EPSS
Exploits1References3
Circl
Circl
added 2025/06/11 10:35 a.m.17 views

CVE-2025-4315

creationtimestamp| type| source ---|---|--- 2025-06-11 10:35:09+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18064 2025-06-11 11:03:08+00:00| seen| Telegram/NGz98OHuB76pMx88tOKfrQtc8XVIqKfHlr0e5BI3wIw-X8 2025-06-11 11:03:35+00:00| seen| Telegram/buh-ut9DiubPByy1siFNTwRZbQngXllC1XVuRrrneGPkx...

8.8CVSS5.7AI score0.00447EPSS
Exploits0References2
Circl
Circl
added 2024/10/22 8:28 p.m.17 views

CVE-2024-46538

creationtimestamp| type| source ---|---|--- 2024-10-22 20:28:40+00:00| seen| https://t.me/cvedetector/8638 2024-10-23 16:22:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8817 2024-10-23 17:44:48+00:00| published-proof-of-concept| https://t.me/proxybar/2323 2024-10-23...

9.3CVSS5.7AI score0.77891EPSS
Exploits3References35
Packet Storm
Packet Storm
added 2024/10/04 12:0 a.m.263 views

Transport Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Transport Management System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Rows per page
Query Builder