61 matches found
LearnPress < 4.3.0 - Arbitrary Callback Execution to Information Exposure
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...
CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
EUVD-2026-33248
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
CVE-2026-46365
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...
PT-2026-41367
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...
VulnCheck KEV: CVE-2025-11368
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...
CVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
EUVD-2026-4664
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
CVE-2019-20803
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for gpreviewtheme...
GHSA-QX44-P258-3C2V Cadmium CMS has a background arbitrary file upload vulnerability
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...
Cadmium CMS has a background arbitrary file upload vulnerability
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...
CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...
CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...
EUVD-2025-198382
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...
PT-2025-47660
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions prior to 4.2.9.5 Description The LearnPress – WordPress LMS Plugin for WordPress is affected by a sensitive information disclosure issue. Missing capability checks in the REST endpoint...
EUVD-2019-4845
Malware in sbrugna...
EUVD-2019-11340
Malware in sbrugna...
EUVD-2018-11524
Malware in sbrugna...
CVE-2024-5310
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
Incorrect Authorization
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Incorrect Authorization due to a missing check in the access function in FieldUpdateActionBase.php. An attacker with limited...