WordPress < 4.8.2 - Authenticated Open Redirect

WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...

RHCOS 4 : OpenShift Container Platform 4.8.2 (RHSA-2021:2437)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2437 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - gogo/protobuf: plugin/unmarshal/unmarshal.go lack...

CVE-2026-39656

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through = 4.8.2...

EUVD-2026-20322

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through = 4.8.2...

CVE-2026-39656

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through = 4.8.2...

CVE-2026-39656

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through = 4.8.2...

CVE-2026-39656 WordPress Razorpay for WooCommerce plugin <= 4.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through = 4.8.2...

CVE-2026-39656

CVE-2026-39656 concerns the WordPress Razorpay for WooCommerce plugin, specifically versions up to and including 4.8.2. The vulnerability is described as a Missing Authorization vulnerability caused by incorrectly configured access control security levels, enabling an unauthorized exposure due to...

WordPress plugin Razorpay for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-31219

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through = 4.8.2...

CVE-2026-4564

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...

PT-2026-22767

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

Ruoyi security vulnerabilities

Ruoyi is a backend management system developed by Ruoyi’s individual developer. The Ruoyi v4.8.2 version has a security vulnerability, which stems from improper access control in the selectDept function. This vulnerability could allow unauthorized attackers to access sensitive departmental data a...

PT-2026-4523

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An access control issue exists in the update function of the software. This allows unauthorized modification of data beyond the intended scope. Recommendations Update to a newer version that contains a fix for...

PT-2026-1871

Name of the Vulnerable Software and Affected Versions GL.Inet AX1800 versions 4.6.4 through 4.6.8 Description The LuCI web interface on GL.Inet AX1800 devices lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. This allows an unauthenticated attacker on...

CVE-2025-67522

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through = 4.8.2...

CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link Symlink following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrar...

CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link Symlink following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrar...