CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

CVE-2026-42680

CVE-2026-42680 : Affected product is the WordPress plugin Contest Gallery Pro up to version 29.0.1. The vulnerability is an Incorrect Privilege Assignment that allows privilege escalation. The CVSS 3.1 base score is 9.8 (CRITICAL) with attack vector NETWORK, no user interaction, and requires no p...

CVE-2026-42680

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

EUVD-2026-33657

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Contest Gallery Pro versions = 29.0.1...

Linux Distros Unpatched Vulnerability : CVE-2025-44021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious...

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic versions prior to 29.0.1, which stems from an unexpected file that may be written to the target node...

CVE-2025-44021

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

io.nstream:nstream-adapter-druid (>=4.8.15 <=4.15.23) potentially affected by CVE-2024-45537 via org.apache.druid:druid (=29.0.1)

org.apache.druid:druid MAVEN version =29.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.druid:druid and may be impacted: - io.nstream:nstream-adapter-druid =4.8.15, =4.15.23 Source cves: CVE-2024-45537 Source advisory:...

SUSE CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 o...