Lucene search
+L

38 matches found

Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/04 6:0 a.m.385 views

CVE-2026-2025 Mail Mint < 1.19.5 - Unauthenticated Emails Disclosure

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog...

0.01379EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-25280

Malware in sbrugna...

4.3CVSS4.9AI score0.0096EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-12689

Malicious code in bioql PyPI...

5.3CVSS5.1AI score0.00717EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:22 a.m.11 views

CVE-2024-2931

The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level acces...

4.3CVSS6.5AI score0.0052EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.5 views

WordPress plugin Moving Users 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

5.3CVSS7.7AI score0.00505EPSS
Exploits0References3
OSV
OSV
added 2024/10/08 12:0 a.m.17 views

CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...

5.3CVSS6.8AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2024/09/26 6:24 p.m.34 views

GO-2024-3158 Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer

Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer...

5.3CVSS5.2AI score0.00749EPSS
Exploits0References4
NVD
NVD
added 2024/04/02 9:15 a.m.21 views

CVE-2024-2931

The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level acces...

4.3CVSS4.3AI score0.0052EPSS
Exploits0References3
CVE
CVE
added 2024/04/02 8:32 a.m.78 views

CVE-2024-2931

CVE-2024-2931 affects the WordPress plugin WPFront User Role Editor. The vulnerability enables Sensitive Information Exposure via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. It allows authenticated attackers with subscriber-level access and above to retrieve the list ...

4.3CVSS9AI score0.0052EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.5 views

PT-2024-22151 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.13 Description: GLPI is a Free Asset and IT Management Software package that includes data center management, ITIL Service Desk, licenses tracking, and software auditing. An authenticated user can obtain the email...

10CVSS6.9AI score0.99628EPSS
Exploits27References160
Veracode
Veracode
added 2024/02/01 11:19 p.m.30 views

Unauthorized Access

gitlab:sid is vulnerable of Unauthorized Access. The vulnerability due to unauthorized user to read user email addresses through the tags feed, even if the visibility setting for the email address in the user profile is disabled. It allows an unauthorized user can get access to read sensitive...

5.3CVSS6.4AI score0.04392EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2024/01/16 4:15 p.m.24 views

Code injection

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

5CVSS7.1AI score0.37957EPSS
Exploits3References1Affected Software1
NVD
NVD
added 2023/12/26 7:15 p.m.17 views

CVE-2023-6155

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses...

5.3CVSS0.00565EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/10/13 12:0 a.m.41 views

WordPress Multiple Vulnerabilities (Oct 2023) - Linux

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

6.5CVSS4.8AI score0.03862EPSS
Exploits6References7
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.9 views

The vulnerability of the XWiki platform, which involves exposing information in the wrong data area, allows a hacker to obtain the email addresses of all users.

The vulnerability of the XWiki Platform lies in the exposure of information in the error data area. Exploiting this vulnerability could allow a malicious actor to obtain the email addresses of all users...

7.8CVSS7.2AI score0.00961EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/02/14 3:15 a.m.3 views

CVE-2023-0655

SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses...

5.3CVSS5.9AI score0.00717EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.6 views

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS5.8AI score0.01408EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.512 views

Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS

The plugin does not have proper authorisation even when the Require Authorisation for REST API Requests is enabled in all its REST endpoints, allowing unauthenticated users to call them either directly. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform...

0.7AI score
Exploits0
Prion
Prion
added 2022/05/09 5:15 p.m.19 views

Authentication flaw

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users...

5CVSS5.5AI score0.02869EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder