5 matches found
PT-2025-4924 · Unknown · Custom Post Type Lockdown
Name of the Vulnerable Software and Affected Versions: Custom Post Type Lockdown versions prior to 1.11
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows privilege escalation. This means an attacker can trick a user into performing unintended actions on a web...
PT-2023-16058 · WordPress · Juicer
Name of the Vulnerable Software and Affected Versions: Juicer WordPress plugin versions prior to 1.11
Description: The issue is related to the Juicer WordPress plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
PT-2021-10709 · Unknown · Ave Dominaplus
Name of the Vulnerable Software and Affected Versions: AVE DOMINAplus versions prior to 1.11
Description: The issue allows an unauthenticated attacker to obtain administrative login information by accessing an unprotected directory that hosts an XML file '/xml/authClients.xml', enabling a...
CVE-2017-16727
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely...
DEBIAN-CVE-2017-5991
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected...