Lucene search
+L

193 matches found

CVE
CVE
added 2026/01/10 1:6 a.m.12 views

CVE-2026-22602

CVE-2026-22602 affects OpenProject prior to version 16.6.2. A user with low privileges (logged in) can enumerate and view the full names of other users by iterating through sequential user IDs (e.g., 1, 2, 3, …) or via the OpenProject API, enabling automated retrieval of personal data. The issue ...

3.5CVSS6.5AI score0.00255EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000347 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, mapwrite in kernel/usernamespace.c allows privilege escalation because it mishandles nested user namespaces...

7CVSS7.6AI score0.07611EPSS
Exploits24References4
Tenable Nessus
Tenable Nessus
added 2025/12/29 12:0 a.m.6 views

Mattermost Server 10.11.x < 10.11.8 / 10.12.x < 10.12.4 / 11.0.x <= 11.0.6 / 11.1.x <= 11.1.1 Improper Authentication (MMSA-2025-00555)

The version of Mattermost Server installed on the remote host is 10.11.x prior to 10.11.8, 10.12.x prior to 10.12.4, 11.0.x prior to 11.0.6, or 11.1.x prior to 11.1.1, and is, therefore, affected by an improper authentication vulnerability: - Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5,...

8.3CVSS5.8AI score0.00227EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/21 9:12 a.m.9 views

CVE-2025-12492

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...

5.3CVSS5.8AI score0.0049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 1:58 p.m.7 views

CVE-2025-67857

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure...

6.3AI score0.00314EPSS
Exploits0References2
CVE
CVE
added 2025/12/19 9:29 a.m.20 views

CVE-2025-12361

The CVE-2025-12361 entry concerns the WordPress plugin myCred (Points Management System) with vulnerability in versions up to and including 2.9.7.1. The root cause is Missing Authorization: authenticated users with Subscriber-level access and above can access sensitive information via the get_ban...

4.3CVSS5.1AI score0.00212EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/19 9:29 a.m.5 views

CVE-2025-12361 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...

4.3CVSS5.1AI score0.00212EPSS
Exploits0References3
NVD
NVD
added 2025/12/13 4:16 p.m.6 views

CVE-2025-14440

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jayloginregisterprocessswitchback' function with the 'jayloginregisterprocessswitchback' cookie value. This makes...

9.8CVSS0.00704EPSS
Exploits1References3
NVD
NVD
added 2025/12/12 12:15 p.m.7 views

CVE-2025-14159

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...

4.3CVSS0.00139EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 4:29 a.m.4 views

CVE-2025-13494 SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...

5.3CVSS5.3AI score0.00256EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/14 8:10 a.m.11 views

CVE-2025-12681

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 7:27 a.m.8 views

CVE-2025-12681 Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

5.3CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2025/11/13 7:27 a.m.21 views

CVE-2025-12681

CVE-2025-12681 affects the WordPress plugin Comment Edit Core – Simple Comment Editing, up to version 3.1.0. The root cause is an unauthenticated exposure via the ajax_get_comment function, allowing any visitor to access sensitive data such as user IDs, IP addresses, and email addresses. Wordfenc...

5.3CVSS5.5AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.7 views

PT-2025-46785

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax get comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, I...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References4
NVD
NVD
added 2025/11/05 3:15 p.m.13 views

CVE-2025-52602

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...

4.2CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/05 2:46 p.m.13 views

CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...

4.2CVSS0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.3 views

Ecuador Quipux 安全漏洞

Ecuador Quipux is an electronic document management and process system from Ecuador Ecuador. A security vulnerability exists in Ecuador Quipux versions 4.0.1 through e1774ac, which stems from improper handling of the txtlogin parameter and could lead to username enumeration and access to the...

5.3CVSS6.6AI score0.00238EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 12:0 a.m.2 views

CVE-2025-55342

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...

6.5AI score0.00238EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.8 views

CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

9.3CVSS0.00602EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-32520

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00377EPSS
Exploits0References1
Rows per page
Query Builder