55 matches found
CVE-2026-24468
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the syste...
CVE-2026-8733 Investintech SlimPDFReader SlimPDFReader.exe sub_3B4610 stack-based overflow
A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and...
PT-2026-41518
A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub 3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public an...
Investintech SlimPDF Reader 缓冲区错误漏洞
Investintech SlimPDF Reader is a free PDF reader and viewer provided by the Canadian company Investintech. Versions of Investintech SlimPDF Reader 2.0.13 and earlier contain a buffer error vulnerability. This vulnerability stems from a stack buffer overflow in the sub3B4610 function within the...
CVE-2026-5306 Check & Log Email < 2.0.13 - Unauthenticated Stored XSS
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...
PT-2026-35668
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...
CVE-2026-24468
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the syste...
CVE-2026-24468 OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the syste...
CVE-2026-24468
OpenAEV versions prior to 2.0.13 expose an account-enumeration flaw via the /api/reset login parameter. If the email does not exist, the API returns 400 Bad Request; if the email exists, it returns 200. This observable response difference enables an attacker to reliably determine which emails are...
CVE-2026-39643
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through = 2.0.13...
EUVD-2026-20302
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through = 2.0.13...
CVE-2026-39643 WordPress Payment Plugins for PayPal WooCommerce plugin <= 2.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through = 2.0.13...
PT-2026-31207
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through = 2.0.13...
WordPress plugin Payment Plugins for PayPal WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
EUVD-2026-8597
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...
CVE-2026-27614
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
EUVD-2016-9452
Malware in sbrugna...