UBUNTU-CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

CVE-2026-23751

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 other versions may be affected exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An...

CVE-2026-33632 ClearanceKit: opfilter policy bypass via exchangedata and clone operations

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 4.2.4 contained security vulnerabilities; these vulnerabilities stemmed from the failure to intercept events of type ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE, which...

PT-2026-27848

Name of the Vulnerable Software and Affected Versions Dokan versions through 4.2.4 Description An authentication bypass issue exists in Dokan, specifically in the dokan-lite component. This allows for authentication abuse by utilizing an alternate path or channel. Recommendations Update Dokan to ...

CVE-2024-54514

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox...

WordPress plugin Puzzles 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2024-17538 · Feedbackwp · Rate My Post – Star Rating Plugin

Name of the Vulnerable Software and Affected Versions: Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4 Description: The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the get...

Lilishop 安全漏洞

Lilishop is a mall system from Lilishop Open Source. A security vulnerability exists in Lilishop version 4.2.4 and prior versions, which stems from an access control error. An attacker exploiting this vulnerability could capture and send coupon collection packets to obtain coupons that exceed the...

WordPress plugin MultiVendorX 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

Medium: amazon-ecr-credential-helper

Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: amazon-ecr-credential-helper Note: This advisory is...

Nextcloud Contacts 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Contacts 5.0.3 and earlier or 4.2.4 and earlier. No information about this vulnerability is available at this...

CirCarLife Scada Unauthorized Upgrade Vulnerability

Circontrol CirCarLife Scada is a parking lot automation system from Circontrol, Spain. A security vulnerability exists in Circontrol CirCarLife Scada version 4.2.4. The vulnerability can be exploited to disclose sensitive information by sending requests to the html/upgrade.html and...

Liebert MultiLink Automated Shutdown Elevation of Privilege Vulnerability

Liebert MultiLink Automated Shutdown is a set of programs used in Liebert UPS systems to prevent automatic server shutdown. A security vulnerability exists in Liebert MultiLink Automated Shutdown version 4.2.4. A local attacker can exploit this vulnerability by replacing the LiebertM executable...

DEBIAN-CVE-2015-5734

Cross-site scripting XSS vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string...

DEBIAN-CVE-2015-5733

Cross-site scripting XSS vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title...

DEBIAN-CVE-2015-5732

Cross-site scripting XSS vulnerability in the form function in the WPNavMenuWidget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title...