Lucene search
K

4329 matches found

Patchstack
Patchstack
added 2026/03/20 9:54 a.m.7 views

WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcpredirect vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Restrict Content versions = 3.2.24...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 3:37 a.m.2 views

CVE-2026-4136 Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcpredirect' parameter. This makes it possible for unauthenticated attacke...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 3:37 a.m.9 views

CVE-2026-4136

CVE-2026-4136 concerns the WordPress plugin “Membership Plugin – Restrict Content” and its vulnerability to an unvalidated redirect in the password-reset flow. All versions up to 3.2.24 are affected due to insufficient validation on the redirect URL supplied via the ‘rcp_redirect’ parameter, enab...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:37 a.m.2 views

CVE-2026-4136

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcpredirect' parameter. This makes it possible for unauthenticated attacke...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 3:16 a.m.11 views

CVE-2026-33063

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

8.7CVSS0.00652EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 2:53 a.m.9 views

CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

8.7CVSS6.5AI score0.00652EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/20 2:46 a.m.4 views

CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to access array indices 0, 1, 2...

8.7CVSS5.9AI score0.00674EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

WordPress plugin Membership Plugin – Restrict Content 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 10:6 p.m.6 views

CVE-2026-32002 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass

OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...

6CVSS6AI score0.00315EPSS
Exploits0References5
OSV
OSV
added 2026/03/18 8:5 p.m.4 views

GHSA-7C47-XR7Q-P6HG free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

Impact This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...

8.7CVSS5.9AI score0.00674EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2026/03/16 5:43 a.m.7 views

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is testing a new security feature as part of Android Advanced Protection Mode AAPM that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google ...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/13 8:3 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/13 8:3 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/13 8:3 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 1:46 a.m.4 views

Malicious Package

Overview restrict-imports is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/12 1:46 a.m.7 views

Malicious code in restrict-imports (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f82360676317e6d9c2b69a82034af73f2008890871348fb45bc5b966f6aca03c The package restrict-imports was found to contain malicious code. Source: ghsa-malware e153e68a84a468be42de7a7c49af2d4e73778f4462d854be60a6e8baf03105...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/12 1:46 a.m.3 views

MAL-2026-1353 Malicious code in restrict-imports (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f82360676317e6d9c2b69a82034af73f2008890871348fb45bc5b966f6aca03c The package restrict-imports was found to contain malicious code. Source: ghsa-malware e153e68a84a468be42de7a7c49af2d4e73778f4462d854be60a6e8baf03105...

5.7AI score
Exploits0References1
ICS
ICS
added 2026/03/10 7:0 a.m.5 views

Schneider Electric EcoStruxure Data Center Expert

GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices: Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized...

7.5CVSS6.5AI score0.00679EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/03/05 7:30 a.m.4 views

CVE-2026-1321 Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the rcpsetupregistrationinit function accepting any membership level ID via the rcplevel POST parameter without validating that the leve...

8.1CVSS6AI score0.0035EPSS
Exploits0References7
CVE
CVE
added 2026/03/05 7:30 a.m.12 views

CVE-2026-1321

The CVE-2026-1321 entry affects the WordPress plugin “Membership Plugin – Restrict Content” (Restrict Content) and describes an unauthenticated privilege-escalation in all versions up to 3.2.20. The root cause is that rcp_setup_registration_init() accepts any membership level ID via the rcp_level...

8.1CVSS6AI score0.0035EPSS
Exploits0References7
Rows per page
Query Builder