Lucene search
K

13 matches found

CVE
CVE
added 2026/05/31 2:28 a.m.25 views

CVE-2026-8382

The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.15 views

PT-2026-45169

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 2:8 p.m.8 views

CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.6 views

OpenCTI 安全漏洞

OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. A security vulnerability exists in OpenCTI versions prior to 6.8.1, which stems from a lack of authorization checking in a GraphQL mutation that could lead to unauthorized resource deletion...

9.1CVSS6.4AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.7 views

WordPress plugin YaySMTP SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

7.6CVSS7.7AI score0.00355EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.7 views

PT-2024-35775 · Taiga · Taiga

Name of the Vulnerable Software and Affected Versions: Taiga version 6.8.1 Description: A CSV injection issue allows attackers to execute arbitrary code via uploading a crafted CSV file. This is achieved by loading a specifically manipulated CSV file, enabling the execution of arbitrary code...

8.8CVSS8.4AI score0.00675EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.6 views

Taiga 安全漏洞

Taiga is a free open source project management tool from Taiga Open Source. A security vulnerability exists in Taiga version 6.8.1, which stems from the presence of an open redirection vulnerability that allows an attacker to redirect a user to an arbitrary website by appending a crafted link...

6.1CVSS6.6AI score0.00286EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

Creativeitem Academy-LMS Security Vulnerability

Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A security vulnerability exists in Creativeitem Academy-LMS version v.6.8.1, which stems from a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code and obtain sensitive informatio...

6.1CVSS6.9AI score0.00669EPSS
Exploits1References2
OSV
OSV
added 2024/03/26 2:15 p.m.7 views

UBUNTU-CVE-2024-29203

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...

6.1CVSS5.9AI score0.00722EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.6 views

PT-2024-23105

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...

6.1CVSS6.2AI score0.00722EPSS
Exploits0References18
Circl
Circl
added 2023/12/06 4:37 p.m.9 views

CVE-2016-6816

creationtimestamp| type| source ---|---|--- 2023-12-06 16:37:48+00:00| seen| https://t.me/arpsyndicate/1510...

7.1CVSS7.3AI score0.39633EPSS
Exploits6References1
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.3 views

PT-2023-23415 · Videogo · Videogo

Name of the Vulnerable Software and Affected Versions: Videogo version 6.8.1 Description: The issue is related to incorrect access control, allowing attackers to bind shared devices even after the connection has been ended. Recommendations: For version 6.8.1, update to a newer version that...

5.3CVSS5.3AI score0.00582EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/05/01 12:0 a.m.9 views

CVE-2023-29681

Cleartext Transmission in cookie:ecospw: in Tenda N301 v6.0, firmware v12.03.01.06pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...

5.5AI score0.00401EPSS
Exploits1References2
Rows per page
Query Builder