Lucene search
K

662 matches found

Cvelist
Cvelist
added 2026/03/25 4:14 p.m.39 views

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

7.5CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.15 views

CVE-2026-32495

CVE-2026-32495 is a Missing Authorization vulnerability impacting the WP Terms Popup (WP Terms Popup) WordPress plugin, affecting versions from unknown up to and including 2.10.0. The root cause is an incorrectly configured access control security level (Missing Authorization), which can allow an...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

5.8AI score0.00287EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:14 p.m.5 views

CVE-2026-32495

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

5.8AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-28009

Name of the Vulnerable Software and Affected Versions WP Terms Popup versions through 2.10.0 Description An authorization issue exists in WP Terms Popup. The issue involves exploiting incorrectly configured access control security levels. Recommendations Update WP Terms Popup to a version later...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin WP Terms Popup 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 6:16 p.m.6 views

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

9.1CVSS0.00369EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:40 p.m.8 views

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

8.3CVSS5.8AI score0.00369EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/24 5:40 p.m.2 views

EUVD-2026-14948

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

8.3CVSS5.8AI score0.00369EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/24 5:40 p.m.16 views

CVE-2026-33407 Wallos: SSRF via HTTP Proxy Environment Variable

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

8.3CVSS0.00369EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27471

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP PROXY and HTTPS PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied sear...

8.3CVSS5.8AI score0.00369EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 10:16 p.m.15 views

CVE-2026-33177

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...

4.3CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 9:41 p.m.2 views

CVE-2026-33177 Statamic is missing authorization check on taxonomy term creation via fieldtype

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...

4.3CVSS5.7AI score0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:41 p.m.6 views

CVE-2026-33177

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...

4.3CVSS5.7AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 9:41 p.m.22 views

CVE-2026-33177 Statamic is missing authorization check on taxonomy term creation via fieldtype

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...

4.3CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 9:41 p.m.14 views

CVE-2026-33177

CVE-2026-33177 affects Statamic CMS (Laravel/Git-powered). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could bypass authorization by submitting requests to the field action processing endpoint with attacker-controlled field definitions, enabling creation of taxonomy te...

4.3CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/20 9:41 p.m.2 views

CVE-2026-33177 Statamic is missing authorization check on taxonomy term creation via fieldtype

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/20 5:55 p.m.7 views

WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Terms Popup versions = 2.10.0...

7.5CVSS5.8AI score0.00287EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/18 8:0 p.m.7 views

Statamic is missing authorization check on taxonomy term creation via fieldtype

Impact Low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. Patches This has been...

4.3CVSS5.7AI score0.00224EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26205

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...

4.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Rows per page
Query Builder