CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...
CVE-2026-24527
The CVE-2026-24527 entry covers a Missing Authorization (Broken Access Control) vulnerability in WordPress Autoship Cloud for WooCommerce Subscription Products, affecting versions up to 2.14.0. Root cause is misconfigured access control security levels, enabling potential unauthorized access. CVS...
WordPress plugin Autoship Cloud for WooCommerce Subscription Products security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the isFileTypeAllowed function in the Bucket component. An attacker can execute arbitrary code on the server by renaming files with a .php extension through specially crafted filenames. This is only exploitable...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the filter parameter in multiple endpoints, leveraging the MongoLite $func operator. An attacker can execute arbitrary system commands by supplying crafted input to the affected endpoints. Remediation: Upgrad...
Improper Neutralization of Special Elements in Data Query Logic
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the Asset Handler and Aggregate Handler components. An attacker can access, modify, or disrupt sensitive data by injecting specially crafted elements into data query...
Security Bulletin: Vulnerability in Apache Commons IO (CVE-2024-47554) affects IBM WebSphere Service Registry and Repository.
Summary: An Uncontrolled Resource Consumption vulnerability in Apache Commons IO CVE-2024-47554 affects IBM WebSphere Service Registry and Repository. Vulnerability Details: CVEID: CVE-2024-47554. DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
CVE-2026-24388
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPMasterToolKit: from n/a through <= 2.14.0...
CVE-2026-24388 WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPMasterToolKit: from n/a through <= 2.14.0...
GHSA-RCFX-77HG-W2WV FastMCP updated to MCP 1.23+ due to CVE-2025-66416
There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrad...
CVE-2025-59790
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...
CVE-2025-59792
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...
EUVD-2025-199872
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...
CVE-2025-59792
CVE-2025-59792 affects Apache Kvrocks 1.0.0–2.13.0, where the MONITOR command discloses plaintext credentials. Root cause is information disclosure via MONITOR exposure to non-admins. Impact is exposure of sensitive data; CVSS vector indicates network access, low integrity/availability impact. A ...
CVE-2025-59792 Apache Kvrocks: MONITOR command reveals plaintext credentials to non-admins
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...
EUVD-2025-199878
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...
CVE-2025-59790
CVE-2025-59790 affects Apache Kvrocks (versions 2.9.0–2.13.0). The root issue is improper privilege management, specifically relating to the RESET command, which can elevate privileges to administrator level. A fix is available in Kvrocks 2.14.0. Multiple sources (NVD, RH, CNVD, OSV, CNVD/others)...
PT-2025-48340
Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions 1.0.0 through 2.13.0. Description: The MONITOR command in Apache Kvrocks has a flaw that can expose plaintext credentials. This issue affects versions 1.0.0 through 2.13.0. Recommendations: Upgrade to version 2.14.0 to...