EUVD-2026-20199

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

CVE-2026-39543 WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

CVE-2026-39543

CVE-2026-39543 affects the WordPress Tourfic plugin (versions

CVE-2026-39543

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

CVE-2026-39543 WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.21.4...

PT-2026-31150

CVE-2026-39543 Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: fr… https://t.co/hCHVJGngBw...

WordPress plugin Tourfic 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-34590 Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

CVE-2026-34590

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

PT-2026-29855

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Tourfic versions = 2.21.4...

CVE-2023-25157

CVE-2023-25157 (GeoServer SQL Injection) is triggered by flaws in OGC Filter handling within GeoServer’s WFS/WMS/WCS inputs, enabling SQL injection via filters such as PropertyIsLike, strEndsWith, strStartsWith, jsonArrayContains, and FeatureId under certain datastore conditions. Public details c...

DEBIAN-CVE-2020-17353

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...