CVE-2026-32461

CVE-2026-32461 concerns the WordPress plugin Really Simple SSL (<= 9.5.7). The connected records describe a Missing Authorization vulnerability in the plugin, enabling access control bypass due to “Incorrectly Configured Access Control Security Levels.” The affected component is the Really Sim...

CVE-2026-32461 WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through = 9.5.7...

CVE-2026-32461

Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through = 9.5.7...

PT-2026-25305

CVE-2026-32461 Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Sim... https://t.co/0dxaonXInG...

MiracleLinux 4 : rh-postgresql95-postgresql-9.5.7-2.AXS4 (AXSA:2017-1727:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1727:01 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll ne...

EUVD-2022-26903

Malicious code in bioql PyPI...

PT-2025-38978

Name of the Vulnerable Software and Affected Versions ptibogxiv Doliconnect versions through 9.5.7 Description A Cross-Site Request Forgery CSRF issue exists in ptibogxiv Doliconnect, which also allows Stored Cross-Site Scripting XSS. This allows an attacker to potentially perform actions on beha...

CVE-2024-40884

Mattermost versions 9.5.x = 9.5.7, 9.10.x = 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...

CVE-2024-43813 IDOR when marking read a user's channel

Mattermost versions 9.5.x = 9.5.7, 9.10.x = 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user...

PT-2024-29128 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0 Description: The issue is related to improper permission enforcement, allowing a team admin user without the "Add Team Members" permission to disable the invite...

PT-2024-28691 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.9.x through 9.9.1 Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0 Description: The issue allows remote/synthetic users to create sessions or reset...

GLPI 9.5.7 Username Enumeration

Exploit Title: GLPI 9.5.7 - Username Enumeration Date: 04/29/2023 Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import...

GLPI 9.5.7 - Username Enumeration

Exploit Title: GLPI 9.5.7 - Username Enumeration Date: 04/29/2023 Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import...

GLPI 9.5.7 - Username Enumeration Vulnerability

Exploit Title: GLPI 9.5.7 - Username Enumeration Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import BeautifulSoup Send ...

Security fix for the ALT Linux 9 package glpi version 9.5.7-alt1

9.5.7-alt1 built March 21, 2022 Pavel Zilke in task 296878 Jan. 27, 2022 Pavel Zilke - New version 9.5.7 - This is a security release, upgrading is recommended - Security fixes: + CVE-2022-21720 : SQL injection using custom CSS administration form + CVE-2022-21719 : Reflected XSS using reload but...

Security fix for the ALT Linux 10 package glpi version 9.5.7-alt1

9.5.7-alt1 built March 18, 2022 Pavel Zilke in task 296717 Jan. 27, 2022 Pavel Zilke - New version 9.5.7 - This is a security release, upgrading is recommended - Security fixes: + CVE-2022-21720 : SQL injection using custom CSS administration form + CVE-2022-21719 : Reflected XSS using reload but...

UBUNTU-CVE-2022-21720

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...

Sql injection

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...

CVE-2022-21720 SQL injection using custom CSS administration form in GLPI

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...

CVE-2022-21719

GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds...