17 matches found
Adobe ColdFusion - RDS Arbitrary File Write
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. The RDS FILEIO WRITE operation allows unauthenticated...
CVE-2026-48282
creationtimestamp| type| source ---|---|--- 2026-07-01 03:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpklnwud3g2a 2026-07-01 09:45:14+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00|...
WordPress Majestic Support plugin <= 1.1.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by LVT-tholv2k in WordPress Plugin Majestic Support versions = 1.1.0...
CVE-2025-48282
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through = 1.1.0...
CVE-2025-48282 WordPress Majestic Support <= 1.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Majestic Support Majestic Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through 1.1.0...
CVE-2025-48282 WordPress Majestic Support plugin <= 1.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through = 1.1.0...
CVE-2025-48282
CVE-2025-48282 affects WordPress plugin Majestic Support (versions up to and including 1.1.0). The flaw is a Missing Authorization vulnerability caused by incorrectly configured access control levels, enabling bypass of protections without authentication. CVSS 3.1 base score 5.3 (Network, Low att...
CVE-2024-48282
creationtimestamp| type| source ---|---|--- 2024-10-15 16:06:16+00:00| seen| https://t.me/cvedetector/7919 2024-10-16 20:00:58+00:00| seen| https://t.me/arvinclub1/1153 2024-10-16 20:04:26+00:00| seen| https://t.me/ZeroEthicalCourse/1743...
CVE-2024-48282
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request...
CVE-2023-48282
creationtimestamp| type| source ---|---|--- 2023-12-17 14:17:17+00:00| seen| https://t.me/ctinow/155607...
CVE-2023-48282
Cross-Site Request Forgery CSRF vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9...
CVE-2023-48282
CVE-2023-48282 affects the WordPress Taxonomy filter plugin (versions
WordPress Taxonomy filter Plugin <= 2.2.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Taxonomy filter Type Plugin Vulnerable versions = 2.2.9 Fixed in 2.2.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48282 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ad5f47ddab4a Credits Nguyen Xuan Chien...
CVE-2022-48282
creationtimestamp| type| source ---|---|--- 2023-02-21 22:16:50+00:00| seen| https://t.me/cibsecurity/58637...
CVE-2022-48282
Under very specific circumstances see Required configuration section below, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C. This affects all MongoDB .NET/C Driver versions prior to and...
CVE-2022-48282 Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution
Under very specific circumstances see Required configuration section below, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C. This affects all MongoDB .NET/C Driver versions prior to and...
CVE-2022-48282
CVE-2022-48282 affects MongoDB .NET/C# Driver up to version 2.18.0. Under very specific conditions, a privileged user can cause arbitrary code execution via deserialization, involving applications written in C# running on Windows with the full .NET Framework, taking user data, and serializing wit...