22 matches found
CVE-2026-4290 WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...
File Inclusion node-tar Dependency in Jira Software Data Center
This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...
CVE-2023-49105
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...
Airsonic-Advanced Code Issue Vulnerability
Airsonic-Advanced is an open source music streaming server from Airsonic. A code issue vulnerability exists in Airsonic-Advanced version 10.6.0 and earlier, which stems from the Playlist Upload Handler component not limiting uploads, which could lead to remote attacks...
CVE-2025-22472
Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...
CVE-2024-30149
HCL AppScan Source = 10.6.0 does not properly validate a TLS/SSL certificate for an executable...
Symantec Messaging Gateway 10 Exposure Of Stored AD Password
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' require "openssl" class MetasploitModule 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability', 'Description' = %q This module wi...
CrushFTP Security Vulnerability
CrushFTP is a file transfer server. A security vulnerability exists in CrushFTP versions v.10.6.0 and v.10.5.5, which stems from a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload...
MariaDB 10.6.0 < 10.6.16
The version of MariaDB installed on the remote host is prior to 10.6.16. It is, therefore, affected by a vulnerability as referenced in the 10.6.16 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior,...
TIBCO Software Nimbus Cross-Site Scripting Vulnerability
TIBCO Software Nimbus is a business application for process documentation from TIBCO Software, USA. A cross-site scripting vulnerability exists in TIBCO Software Nimbus version 10.6.0 and earlier. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the...
Tenable Nessus Multiple Vulnerabilities (TNS-2023-29, TNS-2023-31)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...
CVE-2023-3251
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0...
Tenable Nessus < 10.6.0 Multiple Vulnerabilities (TNS-2023-29)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-29 advisory. - A pass-back vulnerability exists where an authenticated, remote attacker with...
MariaDB 10.6.0 < 10.6.7 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.6.7. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.6.7 advisory. - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with...
MariaDB 10.6.0 < 10.6.5 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.6.5 advisory. - An issue in the component Usedtablesandconstcache::usedtablesandconstcachejoin of MariaDB Server v10.7 and below was discovered to...
Cisco Connected Mobile Experiences (CMX) Access Control Error Vulnerability
Cisco Connected Mobile Experiences (CMX) is an intelligent Wi-Fi solution that uses the Cisco wireless infrastructure to provide location services and location analytics to consumers' mobile devices. A user enumeration vulnerability exists in API authorization for Cisco Connected Mobile Experiences...
Cisco Connected Mobile Experiences Elevation of Privilege Vulnerability
Cisco Connected Mobile Experiences (CMX) is an intelligent Wi-Fi solution that uses the Cisco wireless infrastructure to provide location services and location analytics to consumers' mobile devices. An elevation of privilege vulnerability exists in Cisco Connected Mobile Experiences 10.6.0, 10.6.1...
CVE-2019-17337 TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting XSS attack. Affected releases are TIBCO Software Inc.'...
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability (cisco-sa-20161207-pca)
Cisco Prime Collaboration Assurance is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...