5 matches found
CVE-2026-42412
CVE-2026-42412 affects the WordPress plugin WP User Frontend up to version 4.3.1. The vulnerability is described as a Missing Authorization vulnerability caused by incorrectly configured access control levels (Broken Access Control). CVSS 3.1 base score is 6.5 (Network vector, Low attack complexi...
CVE-2025-41451
Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command 'Command Injection' in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system...
PT-2025-34328 · Danfoss · AK-SM8xxA
Name of the Vulnerable Software and Affected Versions: Danfoss AK-SM8xxA Series versions prior to 4.3.1
Description: A post-authenticated external control of system web interface configuration setting issue exists. This could allow for a denial of service attack due to improper handling of...
PT-2017-19317 · OSNEXUS · QuantaStor
Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1
Description: The issue allows an attacker to inject arbitrary HTML or JavaScript code as a parameter in a REST call, potentially leading to a cross-site scripting (XSS) attack. When an invalid REST cal...
OSNEXUS QuantaStor v4 Virtual Appliance Information Disclosure Vulnerability
OSNEXUS QuantaStor v4 virtual appliance is a virtual storage appliance from OSNEXUS USA. An information disclosure vulnerability exists in OSNEXUS QuantaStor v4 virtual appliance versions prior to 4.3.1. The vulnerability can be exploited by an attacker to enumerate valid accounts on a system by...