Astra Linux - уязвимость в containerd

Containerd is an open-source container runtime. A bug was discovered in Containerd prior to versions 1.6.18 and 1.5.18, where supplementary groups were not set up properly within a container. If an attacker has direct access to a container and manipulates the supplementary group permissions, they...

EUVD-2026-15720

Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through = 1.6.18...

CVE-2026-25414

Affected software: WordPress WPBookit Pro (iqonicdesign) wpbookit-pro, vulnerable through version 1.6.18. Root cause: incorrect privilege assignment enabling privilege escalation. Impact: high confidentiality, integrity, and availability risk (CVE-2026-25414). Exploit status: not specified in the...

CVE-2026-25414 WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through = 1.6.18...

WordPress plugin WPBookit Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27941

Name of the Vulnerable Software and Affected Versions WPBookit Pro versions n/a through 1.6.18 Description The software contains a flaw that permits the upload of malicious files due to unrestricted file upload with a dangerous type. This allows for the use of malicious files. Recommendations...

PT-2026-27942

Name of the Vulnerable Software and Affected Versions WPBookit Pro versions n/a through 1.6.18 Description An incorrect privilege assignment exists in iqonicdesign WPBookit Pro wpbookit-pro, allowing for privilege escalation. The issue affects the software as described. Recommendations Update...

WordPress WPBookit Pro plugin <= 1.6.18 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Plugin WPBookit Pro versions = 1.6.18...

CVE-2026-25415

Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through = 1.6.18...

CVE-2026-25415

Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through = 1.6.18...

CVE-2026-25415

CVE-2026-25415 concerns the WordPress plugin WPBookit Pro (iqonicdesign) with versions up to and including 1.6.18. The issue is described as a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels. Affected software may allow u...

WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication vulnerability

Cross-Site Request Forgery to Product Field Group Duplication and Publication vulnerability discovered by Nguyen C in WordPress Plugin Advanced Product Fields Product Addons for WooCommerce versions = 1.6.17...

EUVD-2021-14785

Malware in sbrugna...

CVE-2025-9747

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

CVE-2025-9747

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

CVE-2025-9747 Koillection csrf_protection_controller.js cross-site request forgery

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrfprotectioncontroller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

CVE-2025-9747

Koillection vulnerability CVE-2025-9747 affects versions up to 1.6.18 due to an unknown function in assets/controllers/csrf_protection_controller.js, enabling cross-site request forgery. The issue can be exploited remotely, and the exploit has been disclosed publicly. A fix is available in versio...

Koillection 安全漏洞

Koillection is a self-hosted service by the individual developer Benjamin Jonard that allows users to manage any type of collection. A security vulnerability exists in Koillection 1.6.18 and earlier versions, which stems from a cross-site request forgery attack due to misuse of the file...

CVE-2023-51524

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18...

PT-2024-14178 · Weforms · Weforms

Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.18 and earlier Description: A Missing Authorization issue has been identified in weForms. This issue allows for potential unauthorized access. Recommendations: For weForms versions 1.6.18 and earlier, update to a version...