23 matches found

RedhatCVE
added 2026/06/10 1:55 p.m. · 8 views

CVE-2026-53469

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

CVSS 9.1 · AI score 5.5 · EPSS 0.00288
Exploits: 0 · References: 4

RedhatCVE
added 2026/05/08 8:21 p.m. · 7 views

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col)) raw SQL with no...

CVSS 7.1 · AI score 5.8 · EPSS 0.00305
Exploits: 0 · References: 1

RedhatCVE
added 2025/11/02 5:44 a.m. · 12 views

CVE-2025-12038

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.5 · EPSS 0.00163
Exploits: 0 · References: 1

EUVD
added 2025/11/01 6:30 a.m. · 3 views

EUVD-2025-37421

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.1 · EPSS 0.00163
Exploits: 0 · References: 3

CVE
added 2025/11/01 5:40 a.m. · 13 views

CVE-2025-12038

CVE-2025-12038 Folderly (WordPress) affects Folderly plugin for WordPress up to version 0.3, due to insufficient capability checks on the REST endpoint /wp-json/folderly/v1/config/clear-all-data. This permits authenticated attackers with Author-level access or higher to perform unauthorized data ...

CVSS 4.3 · AI score 5.2 · EPSS 0.00163
Exploits: 0 · References: 2

Vulnrichment
added 2025/11/01 5:40 a.m. · 3 views

CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.2 · EPSS 0.00163
Exploits: 0 · References: 2

Cvelist
added 2025/11/01 5:40 a.m. · 4 views

CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 · EPSS 0.00163
Exploits: 0 · References: 2

Positive Technologies
added 2025/11/01 12:0 a.m. · 6 views

PT-2025-44711

Name of the Vulnerable Software and Affected Versions: Folderly plugin for WordPress versions through 0.3 Description: The Folderly plugin for WordPress has a flaw that allows unauthorized data modification. This is due to an inadequate capability check on the...

CVSS 4.3 · AI score 6.3 · EPSS 0.00163
Exploits: 0 · References: 8

EUVD
added 2025/10/18 9:30 a.m. · 2 views

EUVD-2025-34976

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...

CVSS 4.3 · AI score 4.7 · EPSS 0.00234
Exploits: 0 · References: 3

Vulnrichment
added 2025/10/18 6:42 a.m. · 3 views

CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...

CVSS 4.3 · AI score 4.7 · EPSS 0.00234
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/21 12:0 a.m. · 7 views

PT-2025-34222 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the controllerResourceController.java component of jshERP version 3.5. This allows unauthorized attackers to obtain all corresponding ID data by modifying the ID valu...

CVSS 8.8 · AI score 7.1 · EPSS 0.00399
Exploits: 1 · References: 7

Tenable Nessus
added 2025/08/11 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-21457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficu...

CVSS 5.9 · AI score 5.9 · EPSS 0.02023
Exploits: 0 · References: 2

ATTACKERKB
added 2025/04/15 9:16 p.m. · 3 views

CVE-2025-30736

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks ...

CVSS 7.4 · AI score 7.1 · EPSS 0.00328
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/03/15 4:15 a.m. · 3 views

CVE-2024-12336

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...

CVSS 6.5 · AI score 5.8 · EPSS 0.00327
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/05 12:0 a.m. · 4 views

PT-2024-39037 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal affected versions not specified Description: The issue allows an attacker to send a specially designed query through the CATEGORY parameter in the "/jobportal/admin/vacancy/controller.php" API endpoint, and retrieve all the...

CVSS 9.8 · AI score 6.3 · EPSS 0.00464
Exploits: 0 · References: 10

OSV
added 2024/08/17 9:15 a.m. · 1 view

UBUNTU-CVE-2024-42273

In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid mkdir /mnt/test/comp f2fs_io setflags compression /mnt/test/comp dd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1 truncate --size 13 /mnt/test/comp/testfile In the above...

CVSS 5.5 · AI score 6.5 · EPSS 0.00222
Exploits: 0 · References: 12

Positive Technologies
added 2024/08/17 12:0 a.m. · 5 views

PT-2024-29824

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the f2fs file system in the Linux kernel. It occurs when the CURSEG ALL DATA ATGC flag is assigned to COMPR ADDR where the page was set with the gcing fla...

CVSS 5.5 · AI score 5.5 · EPSS 0.00222
Exploits: 0

SUSE CVE
added 2023/02/15 4:34 a.m. · 3 views

SUSE CVE-2018-2645

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Performance Schema. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 4.9 · AI score 6.5 · EPSS 0.02462
Exploits: 0 · References: 4

CNNVD
added 2023/01/18 12:0 a.m. · 3 views

Oracle Hospitality Reporting and Analytics security vulnerability

Oracle Hospitality Reporting and Analytics is an Oracle platform for hotels that generates reports for analyzing operational data. Oracle Hospitality Reporting and Analytics has a security vulnerability that can be exploited by an attacker to cause unauthorized creation, deletion, or modification...

CVSS 8.1 · AI score 8.1 · EPSS 0.00539
Exploits: 0 · References: 2

CNNVD
added 2022/08/05 12:0 a.m. · 4 views

Kaspersky VPN Secure Connection security vulnerability

Kaspersky VPN Secure Connection is a VPN client software from the Russian company Kaspersky. The software checks the security of the network. If the Wi-Fi network is not secure, Kaspersky VPN Secure Connection prompts you to enable a secure connection by connecting to a specially assigned server...

CVSS 7.8 · AI score 7.5 · EPSS 0.00314
Exploits: 0 · References: 4