Lucene search
+L

296 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-9820

Mattermost versions 11.7.x = 11.7.2, 10.11.x = 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API...

3.8CVSS6.1AI score0.00152EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago9 views

CVE-2026-9820

Mattermost versions 11.7.x <= 11.7.2 and 10.11.x

3.8CVSS6.1AI score0.00152EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:37 p.m.40 views

CVE-2026-8074 Improper Permission Check Allows User Manager to Deactivate Bot Accounts

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

3.8CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:37 p.m.15 views

CVE-2026-8074

Mattermost CVE-2026-8074 affects Mattermost versions 11.7.x (<=11.7.0) and 10.11.x (

3.8CVSS5.9AI score0.00192EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/22 1:37 p.m.4 views

CVE-2026-8074 Improper Permission Check Allows User Manager to Deactivate Bot Accounts

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

3.8CVSS6AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51320

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost versions prior to 10.11.17 Description Insufficient enforcement of bot-specific permission checks on the user active status endpoint allows a User Manager with user management write access, but lacking...

3.8CVSS5.8AI score0.00192EPSS
Exploits0References6
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49766

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS0.00506EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.30 views

CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS0.00506EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.10 views

EUVD-2026-36890

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS5.2AI score0.00506EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.28 views

CVE-2026-49766

CVE-2026-49766 affects the WordPress plugin WP User Manager (versions ≤ 2.9.16). The vulnerability is described as an Arbitrary File Deletion issue reported for subscribers. The available metrics indicate a CRITICAL impact (CVSS 3.1: 9.9; NETWORK attack vector; LOW privileges required; no user in...

9.9CVSS5.2AI score0.00506EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.12 views

PT-2026-49142

Name of the Vulnerable Software and Affected Versions WP User Manager versions prior to 2.9.17 Description A flaw allows a user with Subscriber privileges to perform arbitrary file deletion. Recommendations Update to a version newer than 2.9.16...

9.9CVSS5.4AI score0.00506EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/09 9:22 a.m.11 views

WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion vulnerability

Unauthenticated Path Traversal to Local File Inclusion vulnerability discovered by Yat in WordPress Plugin WP User Manager versions = 2.9.17...

7.5CVSS5.5AI score0.02403EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/06 12:31 a.m.16 views

EUVD-2026-34928

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References14
NVD
NVD
added 2026/06/06 12:16 a.m.19 views

CVE-2026-9290

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS0.02403EPSS
Exploits1References13
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.13 views

WordPress plugin WP User Manager – User Profile Builder & Membership 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.6AI score0.02403EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.10 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References13
Cvelist
Cvelist
added 2026/06/05 11:28 p.m.73 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS0.02403EPSS
Exploits1References13
CVE
CVE
added 2026/06/05 11:28 p.m.46 views

CVE-2026-9290

The affected product is the WordPress plugin “WP User Manager – User Profile Builder & Membership.” CVE-2026-9290 describes a Local File Inclusion (LFI) vulnerability in all versions up to and including 2.9.17, exploitable via the profile template scope function. This allows unauthenticated attac...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References13
OSV
OSV
added 2026/06/05 11:28 p.m.5 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.6AI score0.02403EPSS
Exploits1References15
Patchstack
Patchstack
added 2026/06/05 9:37 a.m.13 views

WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin WP User Manager versions = 2.9.16...

9.9CVSS5.5AI score0.00506EPSS
Exploits0Affected Software1
Rows per page
Query Builder