4324 matches found
CVE-2026-1145
A flaw was found in quickjs-ng quickjs. This vulnerability, a heap-based buffer overflow, exists in the jstypedarrayconstructorta function. A remote attacker can exploit this by sending specially crafted input, which could lead to unauthorized information disclosure or system instability denial o...
CVE-2025-14844
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcpstripecreatesetupintentforsavedcard' function due to missing capability check. Additionally, the plugin does not check a user-controlled...
CVE-2025-14844
The CVE refers to the WordPress Membership Plugin – Restrict Content (versions through 3.2.16) with Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure. The flaw resides in rcp_stripe_create_setup_intent_for_saved_card where there is no proper capability ...
WordPress Membership Plugin - Restrict Content plugin <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability
WordPress Membership Plugin - Restrict Content plugin = 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability discovered by andrea bocchetti in WordPress Plugin Restrict Content versions = 3.2.16...
WordPress plugin “Membership Plugin” – Security vulnerability regarding content restriction
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-3242
Name of the Vulnerable Software and Affected Versions Restrict Content plugin for WordPress versions prior to 3.2.17 Description The Restrict Content plugin for WordPress is affected by a missing authentication issue. This occurs due to a missing capability check within the rcp stripe create setu...
Schneider Electric Zigbee Products
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EcoStruxure Process Expert (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
PT-2026-1779
Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...
CVE-2021-33506
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrictroomcreation is set by default. This can allow an attacker to circumvent conference moderation...
PT-2026-1776
Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A flaw exists in Sangfor Operation and Maintenance Management System that allows for remote operating system command injection. This issue stems from the...
PT-2026-1870
Name of the Vulnerable Software and Affected Versions GL-iNet GL-AXT1800 router firmware version 4.6.8 Description A command injection issue exists in the plugins.install package RPC method. The method does not properly sanitize user input in package names, allowing authenticated attackers to...
TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service
Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...
PT-2026-1325
Name of the Vulnerable Software and Affected Versions Passy version 1.6.3 Description A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...
PT-2026-1031
Name of the Vulnerable Software and Affected Versions xnx3 wangmarket versions up to 6.4 Description A flaw exists in the XML File Handler component of xnx3 wangmarket. Specifically, the uploadImage function within the /sits/uploadImage.do file allows for unrestricted file uploads through...
PT-2026-1003
Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A security flaw exists in itsourcecode School Management System 1.0. The issue affects an unknown part of the file /student/index.php. Manipulation of the ID argument can lead to SQ...
PT-2025-53851
Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A flaw exists in the formSetAdPushInfo function within the /goform/setAdPushInfo file. Manipulation of the mac/terminal argument can lead to a stack-based buffer overflow. This issue is potentially...
PT-2025-53855
Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A flaw exists in the Tenda M3 router. A heap-based buffer overflow can be triggered by manipulating the arguments portIp, portMask, portGateWay, portDns, and portSecDns within the...
PT-2025-53790
Name of the Vulnerable Software and Affected Versions givanz VvvebJs version 1.7.2 Description givanz VvvebJs version 1.7.2 contains a flaw due to which an attacker can perform Directory Traversal via the scan.php file. This allows unauthorized access to files and directories on the system...
CVE-2025-14000
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'registerform' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...