392 matches found
CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form
The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...
EUVD-2026-20172
Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...
CVE-2026-39506
Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...
WordPress plugin AI Engine (Pro) 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-31135
Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...
PT-2026-30586
Name of the Vulnerable Software and Affected Versions SDL image affected versions not specified Description The SDL image library has an issue where pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. A crafted .xcf fil...
CLEANSTART-2026-SY28275 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 3.3.2-r0, 3.3.3-r3, 3.3.3-r4, 3.4.2-r0
Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AI Engine Pro versions 3.4.2...
CVE-2026-33730
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...
CVE-2026-33730
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...
PT-2026-28516
Name of the Vulnerable Software and Affected Versions Open Source Point of Sale opensourcepos versions prior to 3.4.2 Description The application is a web-based point of sale system written in PHP using the CodeIgniter framework. A security issue exists where an authenticated user with limited...
Linux Distros Unpatched Vulnerability : CVE-2026-33228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direc...
DEBIAN-CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228
Flatted (JSON circular parser) is affected. Prior to 3.4.2, its parse() could treat attacker-controlled string values as direct array index keys, and using the key proto on the internal Array could expose Array.prototype to the output, enabling prototype pollution. The issue has been patched in v...
flatted 安全漏洞
Flatted is a lightweight and fast cycle-based JSON parser developed by Andrea Giammarchi. Versions of Flatted prior to 3.4.2 contained a security vulnerability. This vulnerability stemmed from the parse function not verifying whether the string values controlled by the attacker were actually...
CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...
CVE-2025-59787
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...
CVE-2025-59787
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...