Lucene search
K

8 matches found

Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-3552 SurfLink < 2.6.0 - Missing Authorization to Authenticated (Subscriber+) 410 Gone URL Import via 'surfl_import_410' AJAX Action

The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...

4.3CVSS0.00213EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57396

Name of the Vulnerable Software and Affected Versions SurfLink - Ultimate Link Manager versions prior to 2.6.1 Description Unauthorized data modification is possible due to a missing capability check and missing nonce verification in the ajax import 410 function. While other AJAX handlers in the...

4.3CVSS6.1AI score0.00213EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48811

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

4.3CVSS5.3AI score0.00164EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-0125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions...

4.3CVSS5AI score0.00949EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.4 views

CVE-2024-10582

The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importmpfetemplate function in all versions up to, and including, 2.4.1. This makes it possible for authenticated...

4.3CVSS5.1AI score0.00325EPSS
Exploits0References1
NVD
NVD
added 2022/05/24 3:15 p.m.29 views

CVE-2022-29237

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

5.5CVSS0.00541EPSS
Exploits0References2
OSV
OSV
added 2020/04/22 2:15 p.m.4 views

CVE-2020-11689

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file...

6.5CVSS5.8AI score0.00624EPSS
Exploits0References1
Prion
Prion
added 2020/04/22 2:15 p.m.22 views

Design/Logic Flaw

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file...

4CVSS6.3AI score0.00624EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder