455 matches found
Astra Linux - уязвимость в unbound
Unbound versions 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can lead to the execution of shell code after receiving a specially crafted answer. This issue can only be exploited if Unbound was compiled with the --enable-ipsecmod option, and Isecmod is enabled and utilized...
WordPress plugin Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings 安全漏洞
WordPress, among others, is a product of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. Effect is a software package used for adding image effects. Aaron Update is a product developed by Aaron, the individual developer behind the project. Update is a...
CVE-2026-4326 Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins'
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...
PT-2026-31563
Name of the Vulnerable Software and Affected Versions Vertex Addons for Elementor plugin for WordPress versions up to and including 1.6.4 Description The Vertex Addons for Elementor plugin for WordPress is susceptible to a missing authorization issue. This is caused by insufficient authorization...
CLEANSTART-2026-JJ84567 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.6.4-r3
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-25398
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through = 1.6.4...
EUVD-2026-15711
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through = 1.6.4...
CVE-2026-25398
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through = 1.6.4...
CVE-2026-25398 WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through = 1.6.4...
CVE-2026-25398 WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through = 1.6.4...
CVE-2026-25398
Vertex Addons for Elementor (WordPress plugin)
PT-2026-27937
Name of the Vulnerable Software and Affected Versions Webilia Inc. Vertex Addons for Elementor versions through 1.6.4 Description An incorrect access control configuration exists in Webilia Inc. Vertex Addons for Elementor. This allows exploitation due to missing authorization checks...
WordPress plugin Vertex Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Vertex Addons for Elementor versions = 1.6.4...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...
CVE-2026-28507
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
CVE-2026-28507
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...