Lucene search
K

1108 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-58252

A flaw was found in NATS Server. An authenticated user could bypass configured access restrictions and receive messages on subjects that were explicitly denied. This occurs when a wildcard subscription overlaps with a wildcard deny rule but is not a direct subset, or when queue subscriptions...

6.5CVSS6AI score0.00465EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-58251

A flaw was found in NATS Server, a high-performance messaging system. An authenticated user with specific permissions could bypass security rules designed to deny access to certain message subjects. This bypass occurs when a queue subscription is used, allowing the user to access information that...

6.5CVSS6AI score0.00488EPSS
Exploits0References10
CVE
CVE
added 6 days ago13 views

CVE-2026-58252

CVE-2026-58252 affects NATS Server prior to versions 2.14.0, 2.12.7, and 2.11.16. An authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it; queue subscriptions could also affect delivery...

6.5CVSS6AI score0.00465EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42229

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.1 via the paymentpage function due to missing validation on the 'userid' user...

5.3CVSS5.9AI score0.00183EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/06 2:23 p.m.5 views

WordPress Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More plugin <= 2.2.0 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More versions = 2.2.0...

6.5CVSS5.9AI score0.00351EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57348

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57348

CVE-2026-57348 affects WordPress plugin Paid Member Subscriptions (versions &lt;= 3.0.4). An unauthenticated server-side request forgery (SSRF) vulnerability exists in this plugin, enabling an attacker to induce the server to fetch arbitrary resources. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C...

7.2CVSS5.8AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2026/06/27 6:16 a.m.10 views

CVE-2026-10820

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

8.1CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/06/27 6:0 a.m.19 views

CVE-2026-10820

The CVE-2026-10820 entry concerns the WordPress plugin family “Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content” prior to version 4.16.17. The root cause is Insecure Direct Object Reference (IDOR): the system does not verify that the user init...

8.1CVSS5.8AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56061

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56061 WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39715

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56061

CVE-2026-56061 concerns the WordPress Subscriptions for WooCommerce plugin, affected versions

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52768

Name of the Vulnerable Software and Affected Versions Subscriptions for WooCommerce versions prior to 1.9.6 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass security restrictions. Recommendations Update to a version newer than 1.9.5...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/25 1:4 p.m.4 views

WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.5...

7.5CVSS5.8AI score0.00246EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/22 1:40 p.m.38 views

CVE-2026-6062

CVE-2026-6062 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, and 10.11.x ≤ 10.11.17. The issue is a logic flaw where the system fails to validate channel ownership of an existing subscription before applying edits, enabling an authenticated attacker to hijack subsc...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 1:40 p.m.8 views

EUVD-2026-38250

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 8:13 p.m.5 views

GHSA-FCVX-5CXC-V5P8 OpenClaw: Slack reaction events could ignore reaction notification settings

Summary Slack reaction events could ignore reaction notification settings. In affected versions, a Slack reaction event delivered to the configured app could enter the agent pipeline even when reaction notifications were disabled. This advisory is scoped to the named feature and configuration. It...

6.3CVSS5.6AI score0.00191EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 9:34 p.m.3 views

GHSA-99F9-J8R3-P853 Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS5.8AI score0.00108EPSS
Exploits0References7
Rows per page
Query Builder