20 matches found
WordPress Listar – Directory Listing & Classifieds WordPress Plugin plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Listar – Directory Listing & Classifieds versions <= 3.0.0...
CVE-2025-12574
The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...
CVE-2025-10161 Authentication Bypass in Turkguven's Perfektive
Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This...
CVE-2025-10161
CVE-2025-10161 concerns Turkguven Software Technologies Inc. Perfektive prior to version 12574 Build 2701. Affected component/behavior: improper restriction of excessive authentication attempts, client-side enforcement of server-side security, and reliance on untrusted inputs in security decision...
Turkguven Perfektive Security Vulnerability
Turkguven Perfektive is occupational health and safety management software from Turkguven, Turkey. A security vulnerability exists in Turkguven Perfektive versions prior to 12574 Build 2701, which stems from improperly restricting excessive authentication attempts, server-side security client...
CVE-2019-12574
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The...
CVE-2024-12574
creationtimestamp | type | source
---|---|---
2024-12-13 04:33:07+00:00 | seen | https://infosec.exchange/users/cve/statuses/113643643641302838
2024-12-13 04:36:22+00:00 | seen | https://infosec.exchange/users/cve/statuses/113643656425958830
2024-12-13 07:24:09+00:00 | seen | https://t.me/cvedetector/128...
CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-12574
CVE-2024-12574 concerns the WordPress plugin SVG Shortcode. The description in the initial document states it is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 1.0.1, caused by insufficient input sanitization and output escaping. Connected docum...
Oracle Linux 9 : qemu-kvm (ELSA-2024-12574)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12574 advisory. - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit DAT is set (Philippe Mathieu-Daude) [Orabug: 36575206] {CVE-2024-3447} Tenable has extracted the preceding...
CVE-2019-12574
The CVE-2019-12574 entry concerns the London Trust Media Private Internet Access (PIA) VPN Client for Windows (v1.0). It is vulnerable to a DLL injection flaw during the software updater process: the updater loads multiple libraries from a folder that authenticated users can write to, enabling a ...
CVE-2017-12574
CVE-2017-12574 affects PLANEX CS-W50HD devices running firmware before 030720. A hardcoded credential, "supervisor:dangerous", was injected into the web authentication database at boot (/.htpasswd), granting attackers full unauthorised control; the account cannot be modified or deleted. Multiple ...
CVE-2017-12574
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into the web authentication database "/.htpasswd" during the boot process, which allows attackers to gain unauthorized access and control the device completely; th...
PLANEX CS-W50HD Hardcoded Credential
Reserved CVE: CVE-2017-12574. Description: A hidden and undocumented account exists that allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. Vulnerability Type: Default user/password. Affected Product Code Base: Firmware ver 030608...
CVE-2018-12574
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices...
CVE-2018-12574
CVE-2018-12574 affects TP-Link TL-WR841N v13. The web UI is vulnerable to Cross-Site Request Forgery via a flawed referer-based protection: requests from crafted domains bypass the check and perform arbitrary actions as an authenticated user. Affected version: 0.9.1 4.16 v0001.0 Build 180119 Rel....
Fedora Update for rubygems FEDORA-2015-12574
The remote host is missing an update for the...
CVE-2020-12574
The CVE-2020-12574 entry is rejected/not used and does not represent an active vulnerability.