9 matches found
PT-2026-26865
The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wp_ajax_nopriv without proper authentication checks, capability...
CVE-2026-2917
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking current_user_can('edit_posts') (a general capability) without...
Medium: ansible-core
Issue Overview: A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home director...
DEBIAN-CVE-2024-9902
A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...
git: insecure hardlinks
A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...
CVE-2024-27769
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices...
Unable to Unlock NFT Once it Locked and Owner may Lose His Token Permanently
Handle Meta0xNull Vulnerability details Impact function lockNft Allow Owner of NFT Lock his NFT. But Once it Locked, there is No UnLock Function and thus Owner may lose his token permanently because it is Required to be Unlock in beforeTokenTransfer. Proof of Concept Tools Used Manual Review...
PT-2017-4218 · Vim +4
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 8.0.1263 Description: The issue is related to the fileio.c component in Vim, which sets the group ownership of a .swp file to the editor's primary group. This can allow local users to obtain sensitive information by...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)
source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves its configuration to the .cdrdao file in a user's home directory,...