Lucene search
K

418 matches found

Cvelist
Cvelist
added 2026/07/04 7:45 p.m.32 views

CVE-2026-14649 code-projects Online Voting System saveVote.php test_input sql injection

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 7:45 p.m.9 views

CVE-2026-14649

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS7AI score0.00269EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52165

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description An incorrect authorization issue in the Advanced Content Feedback module allows forceful browsing. The module fails to sufficiently verify authorization over the targete...

6.1AI score0.00162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4301

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS5.5AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40583

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...

8.8CVSS5.5AI score0.00376EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 6:39 p.m.10 views

MAL-2026-4478 Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

5.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 6:39 p.m.10 views

Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

5.8AI score
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.7 views

CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References7
CVE
CVE
added 2026/05/12 7:48 a.m.15 views

CVE-2026-4301

The CVE-2026-4301 entry documents a vulnerability in the WordPress plugin Rate Star Review Vote (versions up to 1.6.4). The vwrsr_review() AJAX handler lacks proper capability checks and nonce verification, relying only on is_user_logged_in(). When form is set to 'update', an attacker-supplied ra...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

WordPress plugin Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings 安全漏洞

WordPress, among others, is a product of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. Effect is a software package used for adding image effects. Aaron Update is a product developed by Aaron, the individual developer behind the project. Update is a...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-39948

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is user logged in...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

Cisco Slido 安全漏洞

Cisco Slido is an interactive Q&A and voting platform provided by the American company Cisco. There is a security vulnerability in Cisco Slido, which stems from insecure direct object references. This vulnerability could allow authenticated remote attackers to access other users’ social media dat...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.13 views

Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks

Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/21 10:14 p.m.3 views

CVE-2026-40928 AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion

WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $REQUEST/$GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...

5.4CVSS5.7AI score0.00115EPSS
Exploits1References2
CVE
CVE
added 2026/04/21 10:14 p.m.19 views

CVE-2026-40928

WWBN AVideo (versions ≤ 29.0) exposes state-changing JSON endpoints under objects/ without CSRF protection or origin/referer checks. A logged-in user can be coerced to perform actions via attacker-controlled HTML: like/dislike comments (objects/comments_like.json.php), post comments with attacker...

5.4CVSS5.7AI score0.00115EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/21 10:14 p.m.4 views

CVE-2026-40928 AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion

WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $REQUEST/$GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...

5.4CVSS6AI score0.00115EPSS
Exploits1References4
NVD
NVD
added 2026/04/21 5:16 p.m.5 views

CVE-2026-40583

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...

8.8CVSS0.00376EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:57 p.m.4 views

CVE-2026-40583

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...

8.8CVSS5.8AI score0.00376EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/21 4:57 p.m.3 views

CVE-2026-40583 UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...

8.8CVSS5.8AI score0.00376EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/21 4:57 p.m.7 views

EUVD-2026-24179

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...

8.8CVSS5.8AI score0.00376EPSS
Exploits1References3
Rows per page
Query Builder