1459 matches found
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...
CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...
CVE-2026-45012
Summary (CVE-2026-45012) ApostropheCMS (Node.js) versions up to and including 4.29.0 expose an authenticated SSRF in the rich-text widget import flow. An authenticated user who can submit or edit rich-text content can trigger the server to fetch attacker-controlled URLs during widget validation, ...
CVE-2026-6250 Authenticated Format String Injection on TP-Link Tapo C110
An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return...
CVE-2026-6250
The CVE-2026-6250 entry documents an authenticated format-string vulnerability in the ONVIF service of the TP-Link Tapo C110 v2. The issue arises from improper handling of user-controlled input, where externally controlled data is interpreted as a format string. This allows an authenticated remot...
WordPress aThemes Addons for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin aThemes Addons for Elementor versions = 1.1.8...
WordPress Easy Image Collage plugin <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by gnsehfvlr in WordPress Plugin Easy Image Collage versions = 1.13.6...
WordPress Slider Revolution plugin 7.0-7.0.10 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Luc Huynh from Noventiq RedTeam - Noventiq Vietnam in WordPress Plugin Slider Revolution versions 7.0-7.0.10...
WordPress Booking Package plugin <= 1.7.16 - Authenticated (Editor+) Privilege Escalation vulnerability
Authenticated Editor+ Privilege Escalation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Package versions = 1.7.16...
WordPress Blocksy theme <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.41...
WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...
WordPress kk blog card plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin kk blog card versions = 1.3...
WordPress Accordions plugin <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability
Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Accordion versions = 2.3.23...
CVE-2026-6241
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...
CVE-2026-6242
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...
CVE-2026-6242
The CVE-2026-6242 entry describes an authenticated format-string vulnerability in the ONVIF Subscribe service of TP-Link Tapo C520WS v2. The root cause is improper handling of externally supplied parameters within formatting functions, enabling an attacker with valid credentials to inject crafted...
CVE-2026-6241 Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...
CVE-2026-6241
An authenticated format-string vulnerability affects TP-Link Tapo C520WS v2 (ONVIF AddScopes). User-controlled input is passed to formatting functions without proper sanitization, enabling injection of format specifiers that can manipulate memory handling. Exploitation may cause the ONVIF managem...
CVE-2026-6240 Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...