Lucene search
K

148 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-27393

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

5.3CVSS5.4AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 9:16 a.m.13 views

CVE-2026-27393

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

5.3CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 8:24 a.m.9 views

CVE-2026-27393 WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 8:24 a.m.25 views

CVE-2026-27393

The CVE-2026-27393 entry concerns the WordPress plugin CF7 WOW Styler (versions n/a–1.7.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in which access permissions are incorrectly configured, allowing unauthorized access to functionality. The available ...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/21 8:23 a.m.11 views

WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin CF7 WOW Styler versions = 1.7.6...

5.3CVSS5.8AI score0.00171EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42434

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

5.3CVSS5.8AI score0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 9:9 p.m.6 views

CVE-2026-44428 MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...

2.1CVSS5.9AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 9:9 p.m.54 views

CVE-2026-44428 MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...

2.1CVSS0.00219EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/08 5:6 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of the audience parameter in the OIDC authentication process. An attacker can gain unauthorized publish permissions by replaying a valid GitHub OIDC token obtained from one...

4.7CVSS5.5AI score0.00219EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 5:6 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of the audience parameter in the OIDC authentication process. An attacker can gain unauthorized publish permissions by replaying a valid GitHub OIDC token obtained from one...

4.7CVSS5.5AI score0.00219EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/14 11:36 a.m.6 views

WordPress WP Featured Content and Slider plugin <= 1.7.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Featured Content and Slider versions = 1.7.6...

5.8AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.5 views

CVE-2026-39517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.6...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 a.m.3 views

CVE-2026-39517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.6...

6.5CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39517 WordPress Blog Filter plugin <= 1.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.6...

5.8AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.6...

5.9AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31140

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.6...

6.5CVSS5.9AI score0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.8 views

farm 安全漏洞

Farm is a web building tool developed by Farm OpenSource. Versions of Farm prior to 1.7.6 contained security vulnerabilities. These vulnerabilities stemmed from a lack of source verification in WebSocket, which could allow attackers to monitor developers and steal source code...

6.5CVSS5.8AI score0.00191EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:0 a.m.4 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

6.5CVSS5.6AI score0.00191EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/12 12:0 a.m.4 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

6.5CVSS5.6AI score0.00191EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.6 views

CVE-2026-25647

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

5.4CVSS5.4AI score0.00204EPSS
Exploits1References1
Rows per page
Query Builder