SUSE CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

CVE-2026-44838 RabbitMQ MQTT Topic Permission Authorization Bypass

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

CVE-2026-44838

The CVE concerns RabbitMQ, specifically the MQTT plugin. From 4.2.0 up to 4.2.3, topic-level authorization used a regex pattern that incorporated the user-provided client_id without escaping special regex characters, allowing an authenticated MQTT user to bypass topic authorization. Affected comp...

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

PT-2026-44002

Name of the Vulnerable Software and Affected Versions RabbitMQ versions 4.2.0 through 4.2.3 Description The MQTT plugin in RabbitMQ allows topic-level authorization using regular expressions with variable substitution. When administrators use patterns like ^client id-sensors$ to restrict access,...

CVE-2022-50948 Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting

Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters when creating...

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.4)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.3 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...

CVE-2026-33632

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...

CVE-2026-24359

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through = 4.2.4...

PT-2026-28501

Name of the Vulnerable Software and Affected Versions ClearanceKit versions prior to 4.2.4 Description ClearanceKit monitors file system access events on macOS and enforces access policies on a per-process basis. Before version 4.2.4, two file operation event types—ES EVENT TYPE AUTH EXCHANGEDATA...

EUVD-2026-15555

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through = 4.2.4...

CVE-2026-24359

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through = 4.2.4...

CVE-2026-24359 WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through = 4.2.4...

WordPress plugin Dokan 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-2558

Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates as additional details may be released.

CVE-2019-16060

The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklistkeys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 also, 4.2.2 and earlier are unaffected...

CVE-2025-14047

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...

CVE-2025-14047 WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...