7 matches found

CNVD
added 2025/10/21 12:0 a.m., 1 views

WordPress Lisfinity Core plugin elevation of privilege vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...

7.3 CVSS, 7.2 AI score, 0.00053 EPSS
Exploits 0, References 1
NVD
added 2025/10/15 6:15 a.m., 4 views

CVE-2025-6042

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...

7.3 CVSS, 0.00053 EPSS
Exploits 0, References 2
CNNVD
added 2025/10/15 12:0 a.m., 1 views

WordPress plugin Lisfinity Core security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...

7.3 CVSS, 7 AI score, 0.00053 EPSS
Exploits 0, References 3
Cvelist
added 2025/10/09 3:39 p.m., 4 views

CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5 CVSS, 0.00032 EPSS
Exploits 0, References 1
CNNVD
added 2025/09/15 12:0 a.m., 2 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.9 CVSS, 6.4 AI score, 0.00073 EPSS
Exploits 0, References 2
Veracode
added 2019/05/23 6:27 a.m., 21 views

Unrestricted API

Blogifier uses an unrestricted API. A lack of validation in the pathname allows an unauthenticated remote attacker to gain access to the unprotected API and perform unauthorized actions...

9.8 CVSS, 9.4 AI score, 0.00657 EPSS
Exploits 0, References 2, Affected Software 1
Hacker One
added 2017/04/24 6:50 p.m., 13 views

Weblate: Abuse of API that causes spamming users and possible DOS due to missing rate limit on contact form

Summary: In your sub-domain: https://demo.weblate.org/, there's an endpoint that doesn't have any rate limit on it to prevent spamming you by filling the contact you form multiple times to bomb you with tons of emails. Description: Spamming and Possible DOS is being possible due to missing rate...

7.1 AI score
Exploits 0