Lucene search
K

19 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 1:18 a.m.1 views

CVE-2026-32881 ewe has an Overly Permissive List of Allowed Inputs

ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 1:13 a.m.11 views

CVE-2026-32873

CVE-2026-32873 affects the Gleam-based web server ewe (versions 0.8.0–3.0.4). The bug in handle_trailers causes an infinite loop when encountering rejected trailers by recursively re-parsing the same header (using rest) instead of advancing past it (Buffer(header_rest, 0)). This leads to a perman...

7.5CVSS6AI score0.00599EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.25 views

CVE-2025-69388 WordPress Cliengo – Chatbot plugin <= 3.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through = 3.0.4...

6.5CVSS0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.7 views

CVE-2026-23545

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through = 3.0.4...

6.5CVSS5.5AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.9 views

CVE-2026-23545

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through = 3.0.4...

6.5CVSS0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.10 views

PT-2026-20663

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through = 3.0.4...

5.5AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/02/16 4:15 a.m.7 views

CVE-2026-2532

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

9.8CVSS0.00246EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/16 3:2 a.m.6 views

CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

6.5CVSS5.2AI score0.00246EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.11 views

PT-2026-8308

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References8
Snyk
Snyk
added 2025/09/26 9:31 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Connection module. An attacker can access sensitive connection details by using READ permissions through both the API and the UI due to the regression that allows to bypass the...

7.1CVSS6.7AI score0.00903EPSS
Exploits0References2
OSV
OSV
added 2025/09/26 8:15 a.m.5 views

PYSEC-2025-85

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...

6.5CVSS8AI score0.00903EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.7 views

PT-2025-39520

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.0.3 Description A change in Apache Airflow 3 introduced a "write-only" model for sensitive connection information, intended to restrict access to Connection Editing Users. However, in version 3.0.3, this...

8.7CVSS6.3AI score0.00903EPSS
Exploits0References16
NVD
NVD
added 2025/03/24 2:15 p.m.15 views

CVE-2025-30588

Cross-Site Request Forgery CSRF vulnerability in ryanxantoo Map Contact map-contact allows Stored XSS.This issue affects Map Contact: from n/a through = 3.0.4...

7.1CVSS0.00168EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/24 1:33 p.m.2 views

WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability

CSRF to Stored XSS Vulnerability discovered by Abdi Pranata in WordPress Plugin Map Contact versions = 3.0.4...

7.1CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.8 views

PT-2024-19589 · Livewire · Livewire

Name of the Vulnerable Software and Affected Versions: livewire versions prior to 3.0.4 Description: A Cross-Site Request Forgery CSRF issue allows remote attackers to execute arbitrary code via the getCsrfToken function. The vendor disputes this, stating that the 5d88731 commit fixes a usability...

8.8CVSS8.7AI score0.00457EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.6 views

PT-2023-24638 · WordPress · Miled Wordpress Social Login

Name of the Vulnerable Software and Affected Versions: Miled WordPress Social Login plugin versions = 3.0.4 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...

7.1CVSS6.4AI score0.00445EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.8 views

PT-2020-7478 · Varnish · Varnish Http Cache

Name of the Vulnerable Software and Affected Versions: Varnish HTTP cache versions prior to 3.0.4 Description: The issue is related to an ACL bug in the Varnish HTTP cache. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents wher...

7.5CVSS7.2AI score0.01266EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.22 views

vBulletin Init.PHP unspecified vulnerability

The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software is vulnerable to an unspecified issue. It is reported that versions 3.0.0 through to 3.0.4 are prone to a security flaw in 'includes/init.php'. Successful exploitation...

0.2AI score
Exploits0References1
Rows per page
Query Builder