
31 matches found

NVD
added 2026/06/26 3:16 p.m. · 5 views

CVE-2026-57323

Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...

CVSS 5.8 · EPSS 0.00228
Exploits 0 · References 1

AstraLinux
added 2026/06/19 11:10 a.m. · 4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service (DoS) vulnerability, for example, an abort due to WINPR_ASSERT with default compilation flags. When an...

CVSS 7.5 · AI score 6.8 · EPSS 0.01385
Exploits 1 · References 2

CVE
added 2026/06/17 9:50 a.m. · 8 views

CVE-2025-58954

CVE-2025-58954 affects the WordPress Theme HomeRoofer (

CVSS 8.1 · AI score 5.2 · EPSS 0.00423
Exploits 0 · References 1

CVE
added 2026/01/16 4:53 p.m. · 19 views

CVE-2026-23529

Summary: CVE-2026-23529 affects the Kafka Connect BigQuery Connector (Google BigQuery Sink) before version 2.11.0. The root cause is failure to validate externally-sourced credential configurations prior to passing them to Google authentication libraries during connector setup. An attacker can su...

CVSS 7.7 · AI score 6.6 · EPSS 0.00376
Exploits 0 · References 4

EUVD
added 2026/01/16 4:53 p.m. · 6 views

EUVD-2026-3124

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

CVSS 7.7 · AI score 6.5 · EPSS 0.00376
Exploits 0 · References 4

Cvelist
added 2025/12/21 3:20 a.m. · 17 views

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

CVSS 6.4 · EPSS 0.0021
Exploits 0 · References 8

CNNVD
added 2025/12/20 12:0 a.m. · 8 views

WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin...

CVSS 5.3 · AI score 6 · EPSS 0.00437
Exploits 0 · References 8

Cvelist
added 2025/12/17 6:21 p.m. · 25 views

CVE-2025-14081 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the required_perm check is applied during...

CVSS 4.3 · EPSS 0.00288
Exploits 0 · References 4

RedhatCVE
added 2025/05/22 5:24 p.m. · 5 views

CVE-2020-11007

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...

CVSS 6.5 · AI score 6.3 · EPSS 0.00852
Exploits 0 · References 1

OSV
added 2025/02/12 2:15 p.m. · 5 views

CVE-2025-26372

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...

CVSS 8.1 · AI score 5.8 · EPSS 0.0038
Exploits 0 · References 1

OSV
added 2025/02/12 2:15 p.m. · 6 views

CVE-2025-26368

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...

CVSS 8.1 · AI score 5.8 · EPSS 0.00487
Exploits 0 · References 1

OSV
added 2025/02/12 2:15 p.m. · 7 views

CVE-2025-1101

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...

CVSS 5.3 · AI score 5.8 · EPSS 0.0068
Exploits 0 · References 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 7 views

PT-2025-7160 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier. Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...

CVSS 8.8 · AI score 6.3 · EPSS 0.0053
Exploits 0 · References 5

CNNVD
added 2025/02/12 12:0 a.m. · 4 views

Q-Free MAXTIME Suite access control error vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

CVSS 7.5 · AI score 6.7 · EPSS 0.00517
Exploits 0 · References 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 4 views

PT-2025-7130 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier. Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests. This is d...

CVSS 9.8 · AI score 7.5 · EPSS 0.01029
Exploits 0 · References 3

CNNVD
added 2025/02/12 12:0 a.m. · 3 views

Q-Free MAXTIME Suite security vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...

CVSS 8.1 · AI score 6.3 · EPSS 0.00487
Exploits 0 · References 1

CNNVD
added 2025/02/12 12:0 a.m. · 4 views

Q-Free MAXTIME Suite access control error vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

CVSS 7.5 · AI score 6.7 · EPSS 0.00517
Exploits 0 · References 1

CNNVD
added 2025/01/26 12:0 a.m. · 5 views

libxml2 security vulnerability

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 versions prior to 2.11.0 due to a use-after-free vulnerability in the xmlXIncludeAddNode function...

CVSS 8.1 · AI score 6.9 · EPSS 0.00257
Exploits 0 · References 3

CNNVD
added 2024/07/10 12:0 a.m. · 3 views

Pepperl+Fuchs Multiple Products Information Disclosure Vulnerability

Pepperl+Fuchs OIT Series is a series of high-temperature identification systems from Pepperl+Fuchs, Germany. An information disclosure vulnerability exists in various Pepperl+Fuchs products, which originates from an unauthenticated, remote attacker being able to read sensitive device information...

CVSS 7.5 · AI score 6.1 · EPSS 0.00511
Exploits 0 · References 3

RedHat Linux
added 2024/04/30 10:33 a.m. · 1 views

freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the nsc_rle_decompress_data function. The Out-Of-Bounds Read occurs because it processes context->Planes without checking if it contains da...

CVSS 7.5 · AI score 5.7 · EPSS 0.01332
Exploits 1 · References 5