760 matches found
CVE-2026-25310
Server-Side Request Forgery SSRF vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through = 2.0.0...
CVE-2026-27055
CVE-2026-27055 affects the WordPress plugin Penci AI SmartContent Creator (versions
CVE-2026-25310 WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through = 2.0.0...
WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability
Authenticated Subscriber+ Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions = 2.0...
WordPress Clasifico Listing plugin <= 2.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Clasifico Listing versions = 2.0...
CVE-2025-12882 Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listinguserrole' parameter. This makes it possible for...
WordPress plugin Magic Login Mail or QR Code 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1833
The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2026-7675
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler SEH. Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH...
BIT-CHECKOV-2021-3040 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted...
PT-2026-6039
Name of the Vulnerable Software and Affected Versions Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress versions up to and including 2.0.2 Description The Robin Image Optimizer plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs...
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...
PT-2026-6373
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...
CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...
binarium (=2.1.3), hunter-open-sdk (>=0.0.20 <=2.0.0-beta.19) potentially affected by CVE-2026-24884 via compressing (=2.0.0)
compressing NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on compressing and may be impacted: - binarium =2.1.3 - hunter-open-sdk =0.0.20, =2.0.0-beta.19 Source cves: CVE-2026-24884 Source advisory: SNYK:JS-COMPRESSING-15202444...
PT-2026-5902
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description A potential command injection issue exists in HCL AION. This could allow unintended command execution, potentially leading to unauthorized actions on the underlying system. Recommendations At the moment, there ...
PT-2026-5907
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a security issue involving the storage of sensitive session data in persistent cookies. This practice can elevate the risk of unauthorized access if these cookies are intercepted or...
PT-2026-5729
Name of the Vulnerable Software and Affected Versions PolarLearn versions 0-PRERELEASE-15 and earlier Description The OAuth 2.0 implementation for GitHub and Google login providers is susceptible to Login Cross-Site Request Forgery CSRF. The application does not implement and verify the state...