
126 matches found

Tenable Nessus
added 2026/04/17 12:0 a.m., 1 view

Apache Tomcat 9.0.113 < 9.0.116 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.116. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.116_security-9 advisory. - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled...

CVSS 9.1 | AI score 6.4 | EPSS 0.12919
Exploits: 2 | References: 14

RedhatCVE
added 2026/03/26 5:5 p.m., 1 view

CVE-2026-25437

Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GZSEO: from n/a through <= 2.0.14...

CVSS 6.5 | AI score 5.8 | EPSS 0.00056
Exploits: 0 | References: 1

NVD
added 2026/03/25 5:16 p.m., 1 view

CVE-2026-25437

Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GZSEO: from n/a through <= 2.0.14...

CVSS 6.5 | EPSS 0.00056
Exploits: 0 | References: 1

Cvelist
added 2026/03/25 4:14 p.m., 20 views

CVE-2026-25437 WordPress GZSEO plugin <= 2.0.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GZSEO: from n/a through <= 2.0.14...

CVSS 6.5 | EPSS 0.00056
Exploits: 0 | References: 1

CNNVD
added 2026/03/25 12:0 a.m., 2 views

WordPress plugin GZSEO security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.5 | AI score 5.8 | EPSS 0.00056
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/12 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-9154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by...

CVSS 7.5 | AI score 5.7 | EPSS 0.00546
Exploits: 1 | References: 2

vulnersOsv
added 2026/02/02 10:21 p.m., 2 views

@haxtheweb/create (>=0.1.3 <=25.0.2), @haxtheweb/haxcms-nodejs (>=0.0.2 <=25.0.0) +4 more potentially affected by CVE-2026-25521 via locutus (>=2.0.14 <=2.0.32)

locutus NPM version =2.0.14, =0.1.3, =0.0.2, =11.0.2, =2.1.1, =1.0.0, =1.0.66, =1.0.72 Source cves: CVE-2026-25521 Source advisory: OSV:GHSA-RXRV-835Q-V5MH...

CVSS 9.4 | AI score 5.8 | EPSS 0.00018
Exploits: 1

Packet Storm News
added 2026/02/02 12:0 a.m., 3 views

Yii Framework 2.0.9 Reflected Cross Site Scripting

A reflected cross site scripting vulnerability exists in Yii Framework version 2.0.9 and earlier versions before 2.0.14. The vulnerability exists in the error handler component. This issue is older research added to the archive...

CVSS 7.5 | AI score 4.9 | EPSS 0.01012
Exploits: 0

SUSE CVE
added 2026/01/06 12:25 a.m., 2 views

SUSE CVE-2025-66508

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

CVSS 6.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 2

CVE
added 2025/12/29 6:20 p.m., 14 views

CVE-2025-13592

CVE-2025-13592 affects the WordPress plugin Advanced Ads (

CVSS 7.2 | AI score 6.9 | EPSS 0.0019
Exploits: 0 | References: 3

Snyk
added 2025/12/15 7:37 p.m., 1 view

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...

CVSS 8.7 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 3

Snyk
added 2025/12/15 7:37 p.m., 3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to trusting reverse-proxy headers by default. An attacker can bypass IP-based access restrictions by crafting requests with malicious X-Forwarded-For headers. Remediation Upgrade...

CVSS 6.9 | AI score 6.5 | EPSS 0.00043
Exploits: 0 | References: 3

Snyk
added 2025/12/15 7:37 p.m., 2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...

CVSS 8.7 | AI score 6.7 | EPSS 0.00141
Exploits: 0 | References: 3

Snyk
added 2025/12/15 7:37 p.m., 1 view

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...

CVSS 8.7 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 3

Snyk
added 2025/12/15 7:37 p.m., 1 view

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...

CVSS 8.7 | AI score 6.7 | EPSS 0.00141
Exploits: 0 | References: 3

Snyk
added 2025/12/15 7:37 p.m., 1 view

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...

CVSS 8.7 | AI score 6.7 | EPSS 0.00141
Exploits: 0 | References: 3

Snyk
added 2025/12/15 7:37 p.m., 2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...

CVSS 8.7 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 3

RedhatCVE
added 2025/12/10 1:35 a.m., 3 views

CVE-2025-66507

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

CVSS 7.5 | AI score 6.7 | EPSS 0.00141
Exploits: 0 | References: 1

OSV
added 2025/12/09 1:37 a.m., 6 views

CVE-2025-66508 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

CVSS 6.5 | AI score 6.8 | EPSS 0.00043
Exploits: 0 | References: 4

Cvelist
added 2025/12/09 1:25 a.m., 25 views

CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

CVSS 7.5 | EPSS 0.00141
Exploits: 0 | References: 3