CVE-2026-34028

The CVE-2026-34028 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). It exposes web-accessible file paths that lack authorization, allowing an unauthenticated attacker to directly download files via HTTP endpoints such as /Resources/CompanyId_[ID]/Audio/ and /Safe...

PT-2026-49199

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId ID/Audio/ and...

CVE-2026-3506

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

EUVD-2026-13998

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

CVE-2026-3506

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

CVE-2026-3506 WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

PT-2026-26857

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

WordPress plugin WP-Chatbot for Messenger 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

LiveCRM SaaS Cloud SQL Injection Vulnerability in Joomla!

Joomla! is an open source content management system CMS developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. LiveCRM SaaS Cloud is an open source, cloud-based business management and customer relationship management component used in it. A SQL...

CVE-2018-5985

SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&companyid= request...

CorpWatch Company ID Information Search

This module interfaces with the CorpWatch API to get publicly available info for a given CorpWatch ID of the company. If you don't know the CorpWatch ID, please use the corpwatchlookupname module first. This module requires Metasploit: https://metasploit.com/download Current source:...