240 matches found
Astra Linux - уязвимость в libzstd
Starting from v1.4.1 and before v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and then restricted those permissions immediately afterwards. As a result, the output files could temporarily be readable or writab...
CVE-2026-6670
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
EUVD-2026-30256
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
CVE-2026-6670
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
CVE-2026-6670 Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
CVE-2026-6670 Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
PT-2026-40893
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub dir' and 'media items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted...
WordPress Media Sync plugin <= 1.4.9 - Authenticated (Author+) Path Traversal vulnerability
Authenticated Author+ Path Traversal vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Media Sync versions = 1.4.9...
WordPress File Manager for Google Drive – Integrate Google Drive plugin <= 1.4.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Integrate Google Drive versions = 1.4.9...
Authentication Bypass Using an Alternate Path or Channel
Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the session.cookieCache component. An attacker can gain unauthorized access to protected...
VulnCheck KEV: CVE-2025-13920
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability
Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Contact Form Entries versions = 1.4.9...
CVE-2026-24981
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...
CVE-2026-24980
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through = 1.4.9...
EUVD-2026-15600
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through = 1.4.9...
EUVD-2026-15602
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...
CVE-2026-24981
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...
CVE-2026-24981
CVE-2026-24981 is a Deserialization of Untrusted Data vulnerability in Visionary Core (NooVisionary Core) affecting Visionary Core versions from a pre-release to and including 1.4.9. The issue allows PHP object injection due to deserialization of untrusted data. CVSS v3.1 vector: AV:N/AC:L/PR:L/U...
CVE-2026-24980 WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through = 1.4.9...
CVE-2026-24981 WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...