Lucene search
K

461 matches found

CVE
CVE
added 2025/11/19 12:0 a.m.19 views

CVE-2025-63221

CVE-2025-63221 (Axel Technology puma devices) affects firmware versions 0.8.5–1.0.3. The vulnerability is due to broken access control from missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. An unauthenticated remote attacker can enumerate user accounts, create new administrative users...

9.1CVSS6.7AI score0.00487EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/11/18 9:30 a.m.6 views

EUVD-2025-197935

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...

4.3CVSS4.7AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2025/11/18 9:15 a.m.15 views

CVE-2025-12961

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...

4.3CVSS0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 8:27 a.m.6 views

CVE-2025-12961 Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...

4.3CVSS0.00201EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.5 views

CVE-2025-12372 The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/18 8:27 a.m.5 views

EUVD-2025-197943

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

4.3CVSS4.8AI score0.00108EPSS
Exploits0References3
CVE
CVE
added 2025/11/18 8:27 a.m.11 views

CVE-2025-12827

CVE-2025-12827 (Top Friends) : The WordPress Top Friends plugin is vulnerable to Cross-Site Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...

4.3CVSS4.9AI score0.00108EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.7 views

WordPress plugin WP Duplicate Page 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.5AI score0.00212EPSS
Exploits0References5
OSV
OSV
added 2025/11/10 6:2 p.m.1 views

MAL-2025-60158 Malicious code in conscious_salamander_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bf9a986880b0e84182e97794f72f1799cb308f941c11580b4d13a1b37ee67d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/07 12:19 a.m.25 views

CVE-2025-27919

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later...

8.2CVSS7.1AI score0.00288EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/06 10:15 p.m.2 views

CVE-2025-12636 Ubia Ubox

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

7.1CVSS6.7AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2025/11/06 10:15 p.m.35 views

CVE-2025-12636

The CVE-2025-12636 affects Ubia/NVR Ubia camera ecosystem (notably Ubia Ubox). Root cause: insufficient protection of API credentials, enabling an attacker to connect to backend services. Impact (per sources): unauthorized access to cameras, allowing viewing live feeds and potential modification ...

7.1CVSS6.7AI score0.0025EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.5 views

CVE-2025-12413

The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...

5.4CVSS5.3AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.4 views

CVE-2025-12415

The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the adminshortcodesubmit, adminconfigurationsubmit, and adminshortcodedelete functions. This makes it possible for...

6.1CVSS5.4AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.9 views

CVE-2025-12456 Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...

6.1CVSS0.00142EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/25 5:31 a.m.4 views

EUVD-2025-35907

The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings...

5.3CVSS4.9AI score0.00264EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/24 8:23 a.m.10 views

CVE-2025-11887 Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3CVSS0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/11 12:30 p.m.5 views

EUVD-2025-33840

The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibesignup, accessibelogin, accessibelicensetrial, accessibemodifyconfig,...

4.3CVSS5AI score0.00151EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-7755

Malware in sbrugna...

8CVSS8AI score0.00437EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6738

Malware in sbrugna...

7.5CVSS7.6AI score0.11019EPSS
Exploits0References4
Rows per page
Query Builder