Lucene search
+L

110 matches found

Patchstack
Patchstack
added 2026/03/07 12:16 a.m.9 views

WordPress Greenshift plugin <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' vulnerability

Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspbelreusableload' vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Greenshift versions = 12.8.3...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

WordPress plugin Greenshift – animation and page builder blocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References6
CVE
CVE
added 2026/03/06 11:22 p.m.16 views

CVE-2026-2371

Summary (CVE-2026-2371) The Greenshift – animation and page builder blocks WordPress plugin versions up to and including 12.8.3 are vulnerable to an insecure direct object reference in the gspb_el_reusable_load AJAX handler. The handler accepts an arbitrary post_id and renders the content of any ...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/06 11:22 p.m.31 views

CVE-2026-2371 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...

5.3CVSS0.00305EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/06 11:22 p.m.2 views

CVE-2026-2371

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/06 11:22 p.m.3 views

CVE-2026-2371 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23762

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspb el reusable load AJAX handler. The handler accepts an...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/03 6:31 p.m.8 views

EUVD-2026-5194

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.3CVSS6.1AI score0.00413EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:29 p.m.18 views

EUVD-2026-5198

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2CVSS6AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:29 p.m.6 views

EUVD-2026-5202

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.3AI score0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.12 views

PT-2026-5242

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.0.4 Description The Drupal Canvas module has an authorization issue that allows forceful browsing of Canvas Pages when they are unpublished. The module does not adequately validate access to Canvas Pages,...

4.8CVSS5.4AI score0.00138EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/08 10:7 a.m.38 views

CVE-2025-14819 OpenSSL partial chain store policy bypass

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

0.00679EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/01/06 12:0 a.m.6 views

Quantum Key Distribution without Authentication and Information Leakage

Quantum key distribution QKD is the most widely studied quantum cryptographic model that exploits quantum effects to achieve information-theoretically secure key establishment. Conventional QKD contains public classical post-processing steps that require authentication to prevent impersonation an...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/12/09 6:30 p.m.9 views

EUVD-2022-55737

In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4xattrblockset where we constantly keep finding xattr block for reuse in mbcache but we are unable to...

5.9AI score0.0022EPSS
Exploits0References8
EUVD
EUVD
added 2025/11/25 12:13 a.m.5 views

EUVD-2025-199340

Malicious code in @alexadark/reusable-functions npm...

6.6AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/13 5:29 p.m.1 views

CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...

6.9CVSS6.3AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2025/10/13 5:29 p.m.3 views

CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...

6.9CVSS6.7AI score0.00316EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-24814

Malicious code in bioql PyPI...

8.5CVSS6.5AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-58031

Malicious code in bioql PyPI...

5.5CVSS6.4AI score0.00439EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-31347

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00303EPSS
Exploits0References1
Rows per page
Query Builder