Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 2:29 a.m.9 views

CVE-2026-11775

The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the useradminsimplifieroptionspage function. This makes it possible for unauthenticated attackers to rese...

4.3CVSS5.3AI score0.00128EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

NesterSoft WorkTime 安全漏洞

NesterSoft WorkTime is a project tracking software developed by the Canadian company NesterSoft. NesterSoft WorkTime has a security vulnerability that stems from unauthorized inspections, which may lead to the resetting of database configurations...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/23 12:30 a.m.8 views

EUVD-2023-60232

Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafte...

8.7CVSS6.6AI score0.00456EPSS
Exploits2References6
OSV
OSV
added 2025/12/22 10:16 p.m.5 views

CVE-2023-53970

Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafte...

8.7CVSS5.8AI score0.00456EPSS
Exploits2References5
NVD
NVD
added 2025/12/22 10:16 p.m.6 views

CVE-2023-53970

Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafte...

8.7CVSS0.00456EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2022-30450

Malicious code in bioql PyPI...

6.5CVSS7AI score0.00891EPSS
Exploits5References1
OSV
OSV
added 2025/07/08 11:15 a.m.7 views

CVE-2025-20997

Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.5 views

CVE-2022-25810

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable th...

6.5CVSS6.8AI score0.00891EPSS
Exploits5References2
OSV
OSV
added 2022/08/22 3:15 p.m.7 views

CVE-2022-25810

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable th...

6.5CVSS6.9AI score0.00891EPSS
Exploits5References1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.24 views

Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

The plugin exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and...

6.5CVSS0.5AI score0.00891EPSS
Exploits5Affected Software1
Rows per page
Query Builder