265 matches found
CVE-2026-25564
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...
PT-2026-5078
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...
CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: curl (UTSA-2026-004937)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004937 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl...
WordPress Plugin Academy LMS – WordPress LMS Plugin for a Complete eLearning Solution Security Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
MiracleLinux 8 : nodejs:14 (AXSA:2022-3839:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3839:01 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...
PT-2026-3750
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description A critical authentication issue exists in Fleet Devi...
MiracleLinux 7 : tomcat-7.0.76-9.el7 (AXSA:2019-4053:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4053:02 advisory. tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources CVE-2018-1304 tomcat: Late...
CVE-2025-13935
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...
perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when suing the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not verifying the existence of a device altmode partner, which could result in a null pointer dereference...
CVE-2025-47387
Memory Corruption when processing IOCTLs for JPEG data without verification...
Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Linux
Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2025-47387
Memory Corruption when processing IOCTLs for JPEG data without verification...
EUVD-2025-204023
Memory Corruption when processing IOCTLs for JPEG data without verification...
CVE-2025-61318
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
EUVD-2025-198232
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...
CVE-2025-65033
Rallly prior to 4.5.4 contains an authorization flaw in the poll management feature: polls are identified only by pollId, and ownership is not verified. This allows any authenticated user to pause or resume any poll, compromising integrity and availability. The issue has been patched in version 4...
CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...