71 matches found
SUSE CVE-2026-45108
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2026-45108
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...
WordPress ZoloBlocks plugin <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability
Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability discovered by Jay in WordPress Plugin ZoloBlocks (versions <= 2.3.11)...
CVE-2025-49903
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ZoloBlocks: from n/a through <= 2.3.11...
EUVD-2025-35549
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ZoloBlocks: from n/a through <= 2.3.11...
CVE-2025-49903 WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ZoloBlocks: from n/a through <= 2.3.11...
PT-2025-43173
Name of the Vulnerable Software and Affected Versions: bdthemes ZoloBlocks versions through 2.3.11. Description: An authorization issue exists in bdthemes ZoloBlocks that allows exploiting incorrectly configured access control security levels. Recommendations: Update to a version later than 2.3.11...
EUVD-2017-18267
Malware in sbrugna...
EUVD-2018-13163
Malware in sbrugna...
WordPress ZoloBlocks plugin <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin ZoloBlocks (versions <= 2.3.10)...
CVE-2025-54007 WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.11...
WordPress plugin Post Grid and Gutenberg Blocks code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access
Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attacks by submitting a job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit a job. An attacker can set extra params in the mysql url to perform Arbitrary File Read and...
CVE-2018-20612
UWA 2.3.11 allows index.php?g=admin=admin=addadmindo CSRF...
CVE-2025-22287
Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through <= 2.3.1...
Amazon Linux AMI : freetype (ALAS-2025-1976)
The version of freetype installed on the remote host is prior to 2.3.11-19.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1976 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related ...
CVE-2024-13476
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2024-13476
CVE-2024-13476 concerns the LTL Freight Quotes – GlobalTranz Edition WordPress plugin. The issue is an SQL Injection via the engtz_wd_save_dropship AJAX endpoint present in all versions up to 2.3.11, caused by insufficient escaping of a user-supplied parameter and inadequate preparation of the SQ...
CVE-2025-22290
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a throu...
CVE-2025-22290
CVE-2025-22290 affects WordPress plugin LTL Freight Quotes – FreightQuote Edition (≤ 2.3.11). Root cause: improper neutralization of special elements in SQL commands, enabling SQL Injection. Impact per available data: high confidentiality impact and overall critical severity (CVSS v3.1 9.3). Affe...