292 matches found
Integrate Google Drive <= 1.5.3 - Information Disclosure
File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...
EUVD-2026-43141
The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...
SUSE SLED15: clamav / clamav-devel / clamav-docs-html / clamav-milter / etc (SUSE-SU-2026:2835-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2835-1 advisory. This update for clamav fixes the following issues - CVE-2026-20213: PE file format parser could allow an...
SUSE SLES15: clamav / clamav-devel / clamav-docs-html / clamav-milter / etc (SUSE-SU-2026:2834-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2834-1 advisory. This update for clamav fixes the following issues - CVE-2026-20213: PE file format parser could allow an unauthenticated, remote...
SUSE-SU-2026:22574-1 Security update for clamav
This update for clamav fixes the following issues: Update to version 1.5.3. Security issues fixed: - CVE-2026-20213: out-of-bounds write due to improper boundary checks for content in PE files during scanning bsc1270107. - CVE-2026-20214: out-of-bounds write due to improper boundary checks for...
CVE-2025-63079
CVE-2025-63079 concerns the WordPress plugin Live Copy Paste for Elementor (versions
PT-2026-52711
Name of the Vulnerable Software and Affected Versions Live Copy Paste for Elementor versions prior to 1.5.4 Description Broken access control allows users with the Contributor role to perform unauthorized actions. Recommendations Update Live Copy Paste for Elementor to version 1.5.4 or later...
EUVD-2026-36920
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...
CVE-2026-34898
The CVE-2026-34898 entry concerns the WordPress plugin “Event Tickets Manager for WooCommerce” (versions <= 1.5.3). It describes Unauthenticated Broken Access Control, with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, base score 7.5 (HIGH). The vulnerability impacts integrity (...
PT-2026-49365
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...
CVE-2026-35608
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...
Astra Linux – Vulnerability in Grunt
The file.copy operations in GruntJS are vulnerable to a TOCTOU race condition, which can lead to arbitrary file writes in the GitHub repository gruntjs/grunt before version 1.5.3. This vulnerability allows for arbitrary file writes that can lead to local privilege escalation to the GruntJS user...
CVE-2026-35608
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...
CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...
CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...
EUVD-2026-19784
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...
CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...
PT-2026-30909
Name of the Vulnerable Software and Affected Versions QuickDrop versions prior to 1.5.3 Description QuickDrop, a file sharing application, contains a stored cross-site scripting XSS issue in the file preview functionality. The application allows the upload of SVG files via the...
CVE-2026-28798
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...
CVE-2026-34745
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...