9 matches found
CVE-2026-11912
The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...
CVE-2026-44339
Summary: A vulnerability in PraisonAI’s tool resolution allows undeclared main callables to be invoked through tool-call name manipulation. Prior to versions 4.6.37 (PraisonAI) and 1.6.37 (PraisonAIagents), unresolved tool names were resolved against module globals and main when the declared tool...
CVE-2025-46434 WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...
PT-2026-1652
Name of the Vulnerable Software and Affected Versions The Plus Addons for Elementor Pro versions prior to 6.3.7 Description An incorrect access control configuration can lead to unauthorized access. The issue concerns The Plus Addons for Elementor Pro. Recommendations Update The Plus Addons for...
CVE-2022-46337
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
Bylancer QuickOrder SQL注入漏洞
Bylancer QuickOrder is a WhatsApp food ordering plugin from Bylancer. A SQL injection vulnerability exists in Bylancer QuickOrder version 6.3.7, which stems from the presence of an unknown function in the blog in the component GET Parameter Handler, which leads to sql injection via parameter s. T...
CVE-2020-29019
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header...
PT-2021-3438 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.0 through 6.3.7 FortiWeb versions prior to 6.2.4 FortiWeb versions 6.3.11 and earlier Description: A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrar...
UBUNTU-CVE-2012-6090
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted filename...