6 matches found
CVE-2025-12876 Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ptodeletefile AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete...
PT-2025-32732 · Intel · Intel I350 Series Ethernet
Name of the Vulnerable Software and Affected Versions: IntelR I350 Series Ethernet versions prior to 5.19.2 Description: Improper initialization in the Linux kernel-mode driver for some IntelR I350 Series Ethernet may allow an authenticated user to potentially enable information disclosure via da...
CVE-2024-43795
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
PT-2024-24583 · Unknown · Wp Easycart
Name of the Vulnerable Software and Affected Versions: WP EasyCart versions through 5.5.19 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user...
UBUNTU-CVE-2022-42721
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to corrupt a linked list and, in turn, potentially execute code...
CVE-2022-39842
An issue was discovered in the Linux kernel before 5.19. In pxa3xxgcuwrite in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of sizet versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to...