
245 matches found

Cvelist
added 2026/05/27 1:48 p.m. | 36 views

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

5.9 CVSS | 0.00037 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/13 8:26 a.m. | 3 views

CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/05/13 12:00 a.m. | 6 views

WordPress plugin Hostinger Reach security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 1

Patchstack
added 2026/05/12 12:00 a.m. | 4 views

WordPress Hostinger Reach – AI-Powered Email Marketing for WordPress plugin <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update vulnerability

Missing Authorization to Authenticated Subscriber+ Integration API Key Update vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Hostinger Reach AI-Powered Email Marketing for WordPress versions <= 1.3.8...

5.3 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/03/31 12:31 p.m. | 3 views

EUVD-2024-55511

Sereal::Decoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

8.1 CVSS | 6 AI score | 0.00618 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/31 11:31 a.m. | 9 views

CVE-2024-14031

CVE-2024-14031 affects Sereal::Encoder versions 4.000–4.009_002 for Perl, which embeds the Zstandard (zstd) library vulnerable to CVE-2019-11922. The vulnerability is a race-condition in Zstandard’s one-pass compression, allowing out-of-bounds writes when the output buffer is smaller than recomme...

8.1 CVSS | 7.3 AI score | 0.00058 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/03/26 5:04 p.m. | 1 views

CVE-2026-25009

Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Zone: from n/a through <= 1.3.8...

6.5 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:17 p.m. | 1 views

CVE-2026-32436

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Photography: from n/a through <= 1.3.8...

5.3 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/03/25 6:31 p.m. | 2 views

EUVD-2026-15613

Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Zone: from n/a through <= 1.3.8...

5.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 2

NVD
added 2026/03/25 5:16 p.m. | 0 views

CVE-2026-25009

Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Zone: from n/a through <= 1.3.8...

6.5 CVSS | 0.00056 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/25 4:14 p.m. | 3 views

CVE-2026-25009

CVE-2026-25009 is a Missing Authorization vulnerability in Education Zone WordPress Theme. Affected software: Education Zone versions up to and including 1.3.8 (no details on earlier/other variants provided). Root cause: insufficient access control configuration allowing unauthorized actions on p...

6.5 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/25 12:00 a.m. | 1 views

PT-2026-27882

Name of the Vulnerable Software and Affected Versions: raratheme Education Zone versions through 1.3.8. Description: An authorization issue exists in raratheme Education Zone. The issue involves exploiting incorrectly configured access control security levels. Recommendations: Update Education Zone t...

6.5 CVSS | 5.9 AI score | 0.00056 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/03/25 12:00 a.m. | 2 views

WordPress plugin Education Zone security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 1

Patchstack
added 2026/03/17 10:35 a.m. | 3 views

WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme Education Zone versions <= 1.3.8...

6.5 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 0 | Affected Software: 1

Cvelist
added 2026/03/16 4:07 p.m. | 19 views

CVE-2026-4270 AWS API MCP File Access Restriction Bypass

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8 CVSS | 0.00019 EPSS
Exploits: 0 | References: 2

NVD
added 2026/03/13 7:55 p.m. | 1 views

CVE-2026-32436

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Photography: from n/a through <= 1.3.8...

5.3 CVSS | 0.00044 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/13 11:42 a.m. | 0 views

CVE-2026-32436

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Photography: from n/a through <= 1.3.8...

5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/03/13 12:00 a.m. | 2 views

WordPress plugin VW Photography security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/13 12:00 a.m. | 4 views

PT-2026-25282

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Photography: from n/a through <= 1.3.8...

5.3 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 3

Patchstack
added 2026/03/07 12:18 a.m. | 3 views

WordPress WP Frontend Profile plugin <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability

Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability discovered by johska in WordPress Plugin WP Frontend Profile versions <= 1.3.8...

4.3 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits: 0 | References: 1 | Affected Software: 1