18 matches found
CVE-2026-48973 WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...
CVE-2026-48973
The CVE-2026-48973 entry applies to the WordPress plugin SVG Support (versions up to 2.5.14). The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access control security levels, affecting SVG Support. The CVSS 3.1 base score is ...
WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin SVG Support versions <= 2.5.14...
OpenLDAP NPD Vulnerability (May 2023)
OpenLDAP is prone to a NULL pointer dereference (NPD) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-20883
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache...
Design/Logic Flaw
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
PT-2023-23330 · Lightbend · Akka Discovery +1
Name of the Vulnerable Software and Affected Versions: Lightbend Akka versions 2.5.14 through 2.8.0 Akka Discovery versions 2.5.14 through 2.8.0 Description: The async-dns resolver in Lightbend Akka uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
SUSE CVE-2018-16876
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data...
PT-2022-15200
Name of the Vulnerable Software and Affected Versions SUSE Rancher versions prior to 2.5.14 SUSE Rancher versions prior to 2.6.5 Description A Cleartext Transmission of Sensitive Information issue in SUSE Rancher allows attackers on the network to read and change network data due to missing...
[ASA-202103-14] groovy: privilege escalation
Arch Linux Security Advisory ASA-202103-14 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2020-17521 Package : groovy Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1325 Summary ======= The package groovy before version...
GHSA-G3H8-CG9X-47QW Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Impact An editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors...
Cyrus IMAP 2.5.x < 2.5.14, 3.0.x < 3.0.12 Privilege Escalation Vulnerability
Cyrus IMAP is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cyrus:imap"; if...
ansible: Information disclosure in vvv+ mode with no_log on
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data...
ansible: Information disclosure in vvv+ mode with no_log on
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data...
ansible: Information disclosure in vvv+ mode with no_log on
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data...
ansible: Information disclosure in vvv+ mode with no_log on
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data...
WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection
Exploit Title: Google Doc Embedder 2.5.14 SQL Injection Date: 10-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl http://twitter.com/KacperSzurek Software Link: https://downloads.wordpress.org/plugin/google-document-embedder.2.5.14.zip Category: webapps 1. Description $_GET['gpid'] ...