38 matches found
CVE-2025-14349
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2026-1618
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2026-1619 IDOR in Universal Software's FlexCity/Kiosk
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2026-1619
CVE-2026-1619 is an authorization bypass in Universal Software Inc.'s FlexCity/Kiosk (versions 1.0 up to 1.0.35). The vulnerability stems from a user-controlled key that enables exploitation of trusted identifiers, with CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (base score 8.3). Affected prod...
CVE-2026-1618
CVE-2026-1618 describes an Authentication Bypass in Universal Software Inc. FlexCity/Kiosk, enabling Privilege Escalation. Affected: FlexCity/Kiosk versions prior to 1.0.36 (1.0.1+ through 1.0.35). Root cause: an alternate path or channel allows bypassing authentication, resulting in high-impact ...
CVE-2025-69822
An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame...
Atomberg Erica Smart Fan security vulnerability
The Atomberg Erica Smart Fan is a smart ceiling fan produced by the Indian company Atomberg. Version 1.0.36 of the Atomberg Erica Smart Fan contains a security vulnerability. This vulnerability stems from a specially crafted authentication frame, which could allow attackers to obtain sensitive...
CVE-2025-49335 WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery. This issue affects External Media: from n/a through <= 1.0.36...
CVE-2025-49335
CVE-2025-49335 affects the WordPress External Media plugin up to version 1.0.36. The Red Hat, NVD, CVE lists, and Patchstack entries confirm a Server-Side Request Forgery (SSRF) vulnerability in minnur External Media that could enable the app to initiate requests on behalf of the server. The root...
PT-2026-1663
Name of the Vulnerable Software and Affected Versions: minnur External Media versions through 1.0.36. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in minnur External Media. This issue allows for Server Side Request Forgery. Recommendations: Update minnur External Media to a...
WordPress plugin External Media code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-5919
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible...
CVE-2025-5919
CVE-2025-5919 affects the WordPress plugin “Appointment Booking Calendar – WP Timetics Booking Plugin.” The vulnerability stems from a missing capability check in the update and register_routes functions across versions up to 1.0.36, allowing unauthenticated attackers to view and modify booking d...
WordPress plugin Appointment Booking and Scheduling Calendar Plugin – WP Timetics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin...
WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by mcdruid in WordPress Plugin External Media versions <= 1.0.36...
EUVD-2023-36501
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-3122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function...
CVE-2024-31117
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moises Heberle WooCommerce Bookings Calendar. This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36...