846 matches found
PT-2026-35242
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a...
Acute Systems Acute Systems CrossFont 安全漏洞
Acute Systems CrossFont is a tool developed by Acute Systems that allows for the conversion and management of font files between different operating systems. Version 7.5 of Acute Systems CrossFont contains a security vulnerability. This vulnerability stems from a buffer overflow in the License Ke...
Acute Systems TransMac 安全漏洞
Acute Systems TransMac is a tool software developed by Acute Systems that allows access and management of Mac disks and file systems on Windows systems. Version 12.2 of Acute Systems TransMac contains a security vulnerability. This vulnerability stems from a buffer overflow in the license key inp...
CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer for WordPress is affected by CVE-2026-1938: versions up to 4.3.2 expose the REST endpoint /yaymail-license/v1/license/delete without proper authorization, enabling authenticated attackers (Shop Manager level and higher) to delete the plugin license key i...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
Missing Authorization to Authenticated Shop Manager+ License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
PT-2026-20294
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
CVE-2020-37213
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash...
CVE-2020-37198
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...
CVE-2020-37213 TextCrawler Pro3.1.1 - Denial of Service
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash...
CVE-2020-37213
CVE-2020-37213 affects TextCrawler Pro 3.1.1. A denial-of-service vulnerability allows an attacker to crash the application by pasting an oversized 6000-byte payload into the activation/license key field, triggering a crash. Public references mention an exploit. The provided documents do not spec...
CVE-2020-37198 Duplicate Cleaner Pro 4 - Denial of Service
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...
CVE-2020-37198
CVE-2020-37198 affects Duplicate Cleaner Pro 4.1.3. The vulnerability is a denial of service caused by injecting an oversized buffer into the license key field, with a demonstrated 6000-byte payload that can be pasted into the license activation field to crash the application. Public sources in c...
CVE-2020-37198 Duplicate Cleaner Pro 4 - Denial of Service
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...
CVE-2020-37198
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...
PT-2026-7711
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash...
DigitalVolcano Duplicate Cleaner Pro 安全漏洞
DigitalVolcano Duplicate Cleaner Pro is a duplicate file cleaning tool developed by the British company DigitalVolcano. Version 4.1.3 of DigitalVolcano Duplicate Cleaner Pro contains a security vulnerability caused by a buffer overflow in the license key field, which may lead to the application...
DigitalVolcano TextCrawler Pro 安全漏洞
DigitalVolcano TextCrawler Pro is a batch text search and replacement tool developed by the British company DigitalVolcano. Version 3.1.1 of DigitalVolcano TextCrawler Pro contains a security vulnerability caused by a buffer overflow in the license key field, which may lead to the application...
PT-2026-7696
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...
CVE-2025-15508
The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the getfrontendsettings function. This makes it possible for unauthenticated attackers to extract the site's magicimport.ai license key from the...