Lucene search
K

1114 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-58252

A flaw was found in NATS Server. An authenticated user could bypass configured access restrictions and receive messages on subjects that were explicitly denied. This occurs when a wildcard subscription overlaps with a wildcard deny rule but is not a direct subset, or when queue subscriptions...

6.5CVSS6AI score0.00465EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-58251

A flaw was found in NATS Server, a high-performance messaging system. An authenticated user with specific permissions could bypass security rules designed to deny access to certain message subjects. This bypass occurs when a queue subscription is used, allowing the user to access information that...

6.5CVSS6AI score0.00488EPSS
Exploits0References10
Snyk
Snyk
added 6 days ago3 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...

7.1CVSS6.1AI score0.00488EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...

7.1CVSS6.1AI score0.00488EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...

7.1CVSS6.1AI score0.00465EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...

7.1CVSS6.1AI score0.00465EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-58252

CVE-2026-58252 affects NATS Server prior to versions 2.14.0, 2.12.7, and 2.11.16. An authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it; queue subscriptions could also affect delivery...

6.5CVSS6AI score0.00465EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42229

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.1 via the paymentpage function due to missing validation on the 'userid' user...

5.3CVSS5.9AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56564

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user can receive messages on denied subjects. This occurs when a wildcard subscription overlaps with a...

6.5CVSS6.1AI score0.00465EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56537

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user with subscription deny permissions can bypass a plain subject deny rule by utilizing a queue...

6.5CVSS6.1AI score0.00488EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/07/06 2:23 p.m.5 views

WordPress Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More plugin <= 2.2.0 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More versions = 2.2.0...

6.5CVSS5.9AI score0.00351EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57348

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57348

CVE-2026-57348 affects WordPress plugin Paid Member Subscriptions (versions &lt;= 3.0.4). An unauthenticated server-side request forgery (SSRF) vulnerability exists in this plugin, enabling an attacker to induce the server to fetch arbitrary resources. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C...

7.2CVSS5.8AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2026/06/27 6:16 a.m.10 views

CVE-2026-10820

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

8.1CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/06/27 6:0 a.m.19 views

CVE-2026-10820

The CVE-2026-10820 entry concerns the WordPress plugin family “Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content” prior to version 4.16.17. The root cause is Insecure Direct Object Reference (IDOR): the system does not verify that the user init...

8.1CVSS5.8AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56061

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56061 WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39715

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56061

CVE-2026-56061 concerns the WordPress Subscriptions for WooCommerce plugin, affected versions

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder