53 matches found
CVE-2026-7049
creationtimestamp | type | source
---|---|---
2026-05-06 17:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3ml7abbghlf2g...
CVE-2025-7049
creationtimestamp | type | source
---|---|---
2025-09-10 07:34:17+00:00 | seen | Telegram/BldVtjTe5EnI2z1H3nljSFgIMA44BAcqu25mJhQUEW96OI...
CVE-2025-7049
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJgmgtgmgtadduser' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress WPGYM - Wordpress Gym Management System plugin <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability
WordPress WPGYM - Wordpress Gym Management System plugin <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability discovered by Michelle Porter in WordPress Plugin WPGYM versions <= 67.7.0...
CVE-2023-7049
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...
CVE-2019-7049
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...
Oracle Linux 9 : python-requests (ELSA-2025-7049)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7049 advisory. 2.25.1-9 - Security fix for CVE-2024-35195 Resolves: RHEL-37609 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-7049-3)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7049-3 advisory. USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 14.04 LTS. Tenable has extracted the preceding...
Ubuntu: Security Advisory (USN-7049-2)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-7049-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7049-2 advisory. USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable ha...
CVE-2024-7049
creationtimestamp | type | source
---|---|---
2024-10-10 10:54:02+00:00 | seen | https://t.me/cvedetector/7572...
CVE-2024-7049
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process...
CVE-2024-7049 Exposure of Token in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : PHP vulnerabilities (USN-7049-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7049-1 advisory. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to...
CVE-2023-7049
creationtimestamp | type | source
---|---|---
2024-08-16 06:11:56+00:00 | seen | https://t.me/cvedetector/3320...
CVE-2023-7049
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...
CVE-2023-7049 Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the 'cmfieldshow' shortcode due to missing validation on the 'jobid' user controlled key. This makes it possible for authenticated attackers...
WordPress Custom Field For WP Job Manager Plugin <= 1.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: Custom Field For WP Job Manager; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-7049; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3021ad422dd8; Credits...
Fedora: Security Advisory (FEDORA-2024-4bbd13d425)
The remote host is missing an update for the...