SUSE: Security Advisory (SUSE-SU-2026:1307-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-1307

creationtimestamp| type| source ---|---|--- 2026-03-28 10:30:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi4ghydagg2n...

CVE-2026-1307

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the adminenqueuescripts action handler in blocks/bootstrap.php. This makes it possible for...

EUVD-2026-1307

The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column' shortcode attribute in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVE-2025-1307

The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

EUVD-2021-1307

Malware in sbrugna...

CVE-2023-1307

Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13...

CVE-2011-1307

The installer in IBM WebSphere Application Server WAS before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173...

Exploit for Missing Authorization in Spicethemes Newscrunch

Newscrunch Exploit CVE-2025-1307 🚨 Overview This exploit...

CVE-2025-1307

creationtimestamp| type| source ---|---|--- 2025-03-04 05:30:34+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6343 2025-03-04 06:01:30+00:00| published-proof-of-concept| Telegram/macVH0v7i2nzlHDG3843dn9M-u-r9AI0mgz7c0Lv52YB4Bs 2025-03-04 07:04:08+00:00| seen|...

CVE-2025-1307

The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

Linux Distros Unpatched Vulnerability : CVE-2014-1307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service memory...

CVE-2024-32316

Tenda AC500 V2.0.1.91307 firmware has a stack overflow vulnerability in the fromDhcpListClient function...

CVE-2024-3908 Tenda AC500 WriteFacMac formWriteFacMac command injection

A vulnerability classified as critical has been found in Tenda AC500 2.0.1.91307. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed...

PT-2024-24508 · Tenda · Tenda Ac500

Name of the Vulnerable Software and Affected Versions: Tenda AC500 version 2.0.1.91307 Description: The issue is a stack overflow vulnerability that can be exploited via the timeZone parameter in the formSetTimeZone function. This allows for potential unauthorized access or control...

Tenda AC500 安全漏洞

The Tenda AC500 is a Gigabit port access controller from Tenda, China. A security vulnerability exists in Tenda AC500 version 2.0.1.91307, which originates from a buffer overflow issue in the PPPOEPassword parameter of the formQuickIndex method of the /goform/QuickIndex file. No details of the...

CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

CVE-2024-1307

CVE-2024-1307 refers to the Smart Forms WordPress plugin vulnerability. The issue is an authorization weakness in certain actions, allowing users with a low role (subscriber) to call those actions and perform unauthorized operations. Public sources in connected documents confirm the affected vers...

WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1307 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 966287948243 Credits Amir Hossein Fallahi Required...

Malicious code in wlwz-2312-1307 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 147211105cb305b8c4bfb75f6bc668f0849b0295678ff71f00dc87183a2e4920 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...