
49 matches found

Vulnrichment
added 2026/05/25 9:40 p.m., 6 views

CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...

4.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/25 9:40 p.m., 13 views

CVE-2026-24527

The CVE-2026-24527 entry covers a Missing Authorization (Broken Access Control) vulnerability in WordPress Autoship Cloud for WooCommerce Subscription Products, affecting versions up to 2.14.0. Root cause is misconfigured access control security levels, enabling potential unauthorized access. CVS...

4.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/25 12:00 a.m., 5 views

WordPress plugin Autoship Cloud for WooCommerce Subscription Products security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

4.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 1

Snyk
added 2026/04/29 4:26 p.m., 0 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the isFileTypeAllowed function in the Bucket component. An attacker can execute arbitrary code on the server by renaming files with a .php extension through specially crafted filenames. This is only exploitable...

8.8 CVSS, 6.2 AI score, 0.00035 EPSS
Exploits: 0, References: 2

NVD
added 2026/01/22 5:16 p.m., 3 views

CVE-2026-24388

Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPMasterToolKit: from n/a through = 2.14.0...

4.3 CVSS, 0.00014 EPSS
Exploits: 0, References: 1

CVE
added 2025/11/28 2:20 p.m., 9 views

CVE-2025-59790

CVE-2025-59790 affects Apache Kvrocks (versions 2.9.0–2.13.0). The root issue is improper privilege management, specifically relating to the RESET command, which can elevate privileges to administrator level. A fix is available in Kvrocks 2.14.0. Multiple sources (NVD, RH, CNVD, OSV, CNVD/others)...

5.4 CVSS, 6.6 AI score, 0.00213 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2025/11/28 12:00 a.m., 2 views

PT-2025-48340

Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions 1.0.0 through 2.13.0. Description: The MONITOR command in Apache Kvrocks has a flaw that can expose plaintext credentials. This issue affects versions 1.0.0 through 2.13.0. Recommendations: Upgrade to version 2.14.0 to...

5.3 CVSS, 6.9 AI score, 0.00077 EPSS
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-5746

Malware in sbrugna...

8.8 CVSS, 9.1 AI score, 0.00535 EPSS
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-3163

Malware in sbrugna...

5.5 CVSS, 5.3 AI score, 0.00209 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-33630

Malicious code in bioql PyPI...

6.1 CVSS, 5.5 AI score, 0.00338 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/08/28 7:37 a.m., 3 views

Security Bulletin: Vulnerability commons-io affects IBM Integrated Analytics System

Summary: The commons-io library is used by IBM Integrated Analytics System for input/output processing. A vulnerability was identified in the org.apache.commons.io.input.XmlStreamReader class, where processing untrusted input could result in excessive CPU usage, potentially leading to a denial of...

4.3 CVSS, 9.1 AI score, 0.00131 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2025/07/10 12:00 a.m., 3 views

Amazon Linux 2 : apache-commons-io (ALAS-2025-2927)

The version of apache-commons-io installed on the remote host is prior to 2.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2927 advisory. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader clas...

4.3 CVSS, 6.6 AI score, 0.00131 EPSS
Exploits: 0, References: 4

IBM Security Bulletins
added 2025/05/01 8:02 p.m., 9 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an uncontrolled resource consumption in Apache Commons IO [CVE-2024-47554]

Summary: IBM Watson Speech Services Cartridge is vulnerable to an uncontrolled resource consumption in Apache Commons IO, due to a flaw in the org.apache.commons.io.input.XmlStreamReader class that may allow maliciously crafted input to excessively consume CPU resources while processing...

4.3 CVSS, 6.3 AI score, 0.00131 EPSS
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/04/27 12:00 a.m., 4 views

PT-2025-18019 · Ververica · Ververica Platform

Name of the Vulnerable Software and Affected Versions: Ververica Platform version 2.14.0 Description: The issue is a Reflected XSS vulnerability. It can be exploited via a "namespaces/default/formats" URI. Recommendations: For Ververica Platform version 2.14.0, consider restricting access to the...

6.1 CVSS, 5.6 AI score, 0.00151 EPSS
Exploits: 1, References: 8

IBM Security Bulletins
added 2025/04/14 10:22 a.m., 24 views

Security Bulletin: Vulnerability in Apache Solr (lucene), Apache ZooKeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-9823, CVE-2024-47554)

Summary: There is a potential denial of service with Apache Commons IO, Eclipse Jetty that affect Apache Solr lucene, Apache ZooKeeper and Logstash used by IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-9823. DESCRIPTION: There exists a security vulnerability in Jetty'...

7.5 CVSS, 6.8 AI score, 0.0068 EPSS
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/02/05 1:16 p.m., 6 views

CVE-2020-8417

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu...

8.8 CVSS, 7 AI score, 0.50314 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2025/02/05 6:38 a.m., 5 views

CVE-2024-5181

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8 CVSS, 7.7 AI score, 0.01048 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 6:13 a.m., 4 views

CVE-2024-5182

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

9.1 CVSS, 6.7 AI score, 0.02492 EPSS
Exploits: 1, References: 1

OpenVAS
added 2024/11/05 12:00 a.m., 14 views

Apache Commons IO 2.0.x < 2.14.0 DoS Vulnerability

The Apache Commons IO library is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS, 6.8 AI score, 0.00131 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2024/10/03 12:25 p.m., 17 views

CVE-2024-47554

A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed...

4.3 CVSS, 6.3 AI score, 0.00131 EPSS
Exploits: 0, References: 4