38 matches found
CVE-2025-11482
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
B&R Industrial Automation PPT30 Operating System Security Vulnerability
The B&R Industrial Automation PPT30 Operating System is an industrial control terminal operating system developed by B&R Industrial Automation in Austria. Versions of the B&R Industrial Automation PPT30 Operating System prior to 1.8.0 contained security vulnerabilities. These vulnerabilities...
CVE-2026-24343 Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions
Improper Neutralization of Data within XPath Expressions 'XPath Injection' vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue...
PT-2025-52069
Name of the Vulnerable Software and Affected Versions: AncoraThemes Integro versions through 1.8.0 Description: The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion ...
CVE-2025-66307 Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks...
EUVD-2025-33789
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0...
CVE-2025-9551
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...
CVE-2025-9551
The CVE-2025-9551 entry concerns the Drupal Protected Pages module (vulnerable up to 1.7.x; affected range: from 0.0.0 to before 1.8.0). Root cause: lack of restriction on the number of authentication attempts, enabling brute-force attacks on protected pages. Impact is described as potential brute...
CVE-2025-9551 Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...
Drupal Protected Pages Security Vulnerability
Drupal Protected Pages is a page locking plugin for the Drupal community. A security vulnerability exists in Drupal Protected Pages versions prior to 1.8.0, which stems from an unrestricted number of authentication attempts that could lead to a brute force attack...
PT-2025-41619
Name of the Vulnerable Software and Affected Versions: Drupal Protected Pages versions 0.0.0 through 1.7.9 Description: A flaw exists in Drupal Protected Pages that allows for excessive authentication attempts, potentially leading to brute force attacks. This issue impacts the Protected Pages modul...
PT-2025-33423 · Linlinjava · Litemall
Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A vulnerability was identified in linlinjava litemall. The issue affects an unknown functionality within the /admin/config/express file of the Business Logic Handler component. Manipulatio...
Drupal Google Tag Cross-Site Request Forgery Vulnerability
Drupal Google Tag is a Drupal community module for integrating Google Tag Manager in Drupal websites. A cross-site request forgery vulnerability exists in Drupal Google Tag versions prior to 1.8.0 and versions prior to 2.0.0 through 2.0.8 that stems from cross-site request forgery...
CVE-2024-13279
Session Fixation vulnerability in Drupal Two-factor Authentication TFA allows Session Fixation. This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.8.0...
CVE-2024-13278
Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0...
WordPress plugin Cooked Pro Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reque...
WordPress plugin Cooked Pro Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by RE-ALTER Patchstack Alliance in WordPress Plugin Cooked Pro versions 1.8.0...