2789 matches found
CVE-2026-4058
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...
GHSA-CJ8G-PRCM-MFG5 @hulumi/baseline: AccountFoundation reuse paths silently downgrade GuardDuty / Security Hub posture
Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-693 Protection Mechanism Failure Summary AccountFoundation can either create AWS detective services GuardDuty for threat detection, Security Hub for compliance dashboards or reuse pre-existing ones via opt-in flags. The...
PT-2026-48479
Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-693 Protection Mechanism Failure Summary AccountFoundation can either create AWS detective services GuardDuty for threat detection, Security Hub for compliance dashboards or reuse pre-existing ones via opt-in flags. The...
CVE-2026-4058
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...
CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...
CVE-2026-4058
The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...
EUVD-2026-35388
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...
CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...
Security fix: Addressing a low-impact Pinboards vulnerability
News, Security Security fix: Addressing a low-impact Pinboards vulnerability Share June 9th, 2026 Hi Opera users, Recently, an independent security researcher responsibly disclosed a vulnerability in Opera’s Pinboards feature, which helped our team to quickly work on a fix. The vulnerability...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Office Sharepoint Server 输入验证错误漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a injection vulnerability present in Microsoft Office SharePoint. Attackers exploit this vulnerability to execute cross-site scripting attacks. The...
Microsoft Exchange Server 跨站脚本漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. Microsoft Exchange Server has a cross-site scripting vulnerability. Attackers exploit this...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Exchange Server 代码注入漏洞
Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There is a code injection vulnerability in Microsoft Exchange Server. Attackers can explo...
Microsoft Exchange Server 服务端请求伪造漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Exchange Server 服务端请求伪造漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...