12 matches found
WordPress VikBooking plugin < 1.6.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by cyc707 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.6.8...
CVE-2024-2441
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...
WordPress Construction Light theme < 1.6.8 - Subscriber+ Arbitrary Plugin Activation vulnerability
Subscriber+ Arbitrary Plugin Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Construction Light versions 1.6.8...
CVE-2025-39480
Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a before 1.6.8...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions 1.5.7 and earlier and 1.6.x before 1.6.8, which stems from an...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is an open source browser-based IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail version 1.5.7 and earlier and version 1.6.x prior to 1.6.8, which stems...
WordPress VikBooking plugin < 1.6.8 - Insecure Direct Object References vulnerability
Insecure Direct Object References vulnerability discovered by cyc707 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.6.8...
PT-2024-20389 · WordPress · Vikbooking Hotel Booking Engine & Pms
Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.6.8 Description: The issue allows an authenticated user with subscriber privileges or above to bypass authorization and access settings they shouldn't be allowed to...
UBUNTU-CVE-2023-22094
Vulnerability in the MySQL Installer product of Oracle MySQL component: Installer: General. Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL...
CVE-2020-1748
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secur...
Unbound Security Bypass Vulnerability
Unbound is a C-based open source recursive DNS server software maintained by NLnet Labs in the Netherlands. A security vulnerability exists in Unbound versions prior to 1.6.8, which stems from the program failing to properly validate wildcard records. An attacker could exploit this vulnerability ...
DEBIAN-CVE-2009-4501
The zbxgetnextfield function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service crash via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword...