20 matches found
CVE-2026-49045
The CVE-2026-49045 entry concerns the WordPress Adminimize plugin (versions up to 1.11.11). Affected component: Adminimize’s access control logic, with a Missing Authorization / Broken Access Control vulnerability. Root cause: improperly configured access control security levels that allow exploi...
CVE-2026-49045 WordPress Adminimize plugin <= 1.11.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11...
PT-2026-43258
Name of the Vulnerable Software and Affected Versions: Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description: A PHP object injection issue exists due to the unrestricted use of the unserialize function. Unauthenticated attackers can achieve remote code execution by...
Exploit for CVE-2025-49132
CVE-2025-49132 PoC Pterodactyl Panel 1.11.11 - Remote Code Exe...
SUSE CVE-2025-68954
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to...
CVE-2025-68954
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to...
CVE-2025-69197
Pterodactyl Panel (versions
CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...
Pterodactyl code issue vulnerability
Pterodactyl is an open source game server administration panel built using PHP, Nodejs and Go. A code issue vulnerability exists in Pterodactyl version 1.11.11 and earlier that stems from an active SFTP connection not being revoked when a user is removed from a server instance or their SFTP file...
Pterodactyl Panel Remote Code Execution
Pterodactyl Panel versions prior to 1.11.11 suffer from a remote code execution vulnerability. Exploit Title: Pterodactyl Panel 1.11.11 - Remote Code Execution RCE Date: 22/06/2025 Exploit Author: Zen-kun04 Vendor Homepage: https://pterodactyl.io/ Software Link:...
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it...
WordPress Plugin Easy Google Maps security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-23913 · Unknown · Supsystic Easy Google Maps
Name of the Vulnerable Software and Affected Versions: Supsystic Easy Google Maps versions 1.11.11 and earlier Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application th...
WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin Easy Google Maps (versions <= 1.11.11)...
CVE-2023-36686
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions...
WordPress plugin CartFlows Pro Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress CartFlows Pro Plugin <= 1.11.11 is vulnerable to Cross Site Scripting (XSS)
Software: CartFlows Pro; Type: Plugin; Vulnerable versions: <= 1.11.11; Fixed in: 1.11.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-36686; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: fde18e13d181; Credits: Rafie Muhammad...
OPENSUSE-SU-2018:0651-1 Security update for python-Django
This update for python-Django fixes the following issues: Update to 1.11.11. Fixes CVE-2018-7536, CVE-2018-7537...
[ASA-201803-6] python2-django: denial of service
Arch Linux Security Advisory ASA-201803-6
=========================================
Severity: Medium
Date    : 2018-03-06
CVE-ID  : CVE-2018-7536 CVE-2018-7537
Package : python2-django
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-649

Summary
=======
The package...