
36 matches found

SUSE CVE
added 2026/05/29 1:20 a.m., 7 views

SUSE CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...

CVSS 8.4 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 3

NVD
added 2026/05/27 8:16 p.m., 9 views

CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...

CVSS 8.4 | EPSS 0.00072
Exploits: 0 | References: 1

EUVD
added 2025/10/22 3:31 p.m., 1 view

EUVD-2025-35549

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ZoloBlocks: from n/a through <= 2.3.11...

CVSS 5.3 | AI score 6.5 | EPSS 0.00039
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/22 2:32 p.m., 1 view

CVE-2025-49903 WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ZoloBlocks: from n/a through <= 2.3.11...

CVSS 5.3 | AI score 6.6 | EPSS 0.00039
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/22 12:0 a.m., 2 views

PT-2025-43173

Name of the Vulnerable Software and Affected Versions bdthemes ZoloBlocks versions through 2.3.11 Description An authorization issue exists in bdthemes ZoloBlocks that allows exploiting incorrectly configured access control security levels. Recommendations Update to a version later than 2.3.11...

CVSS 5.3 | AI score 6.6 | EPSS 0.00039
Exploits: 0 | References: 4

Vulnrichment
added 2025/08/20 8:3 a.m., 2 views

CVE-2025-54007 WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.11...

CVSS 8.8 | AI score 5.9 | EPSS 0.00161
Exploits: 0 | References: 1

CNNVD
added 2025/08/20 12:0 a.m., 1 view

WordPress plugin Post Grid and Gutenberg Blocks code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00161
Exploits: 0 | References: 2

Vulnrichment
added 2025/06/19 10:38 a.m., 2 views

CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

AI score 7.3 | EPSS 0.00117
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/21 6:17 p.m., 2 views

CVE-2025-22287

Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through <= 2.3.1...

AI score 7.2 | EPSS 0.00241
Exploits: 0 | References: 1

Tenable Nessus
added 2025/05/13 12:0 a.m., 4 views

Amazon Linux AMI : freetype (ALAS-2025-1976)

The version of freetype installed on the remote host is prior to 2.3.11-19.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1976 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related ...

CVSS 8.1 | AI score 7.2 | EPSS 0.70761
Exploits: 0 | References: 4

OSV
added 2025/02/20 10:15 a.m., 0 views

CVE-2024-13476

The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVSS 7.5 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 2

CVE
added 2025/02/20 9:21 a.m., 44 views

CVE-2024-13476

CVE-2024-13476 concerns the LTL Freight Quotes – GlobalTranz Edition WordPress plugin. The issue is an SQL Injection via the engtz_wd_save_dropship AJAX endpoint present in all versions up to 2.3.11, caused by insufficient escaping of a user-supplied parameter and inadequate preparation of the SQ...

CVSS 7.5 | AI score 7.6 | EPSS 0.0012
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/02/18 10:26 p.m., 7 views

CVE-2025-22290

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a throu...

CVSS 9.3 | AI score 7.3 | EPSS 0.00061
Exploits: 0 | References: 1

CVE
added 2025/02/16 10:17 p.m., 75 views

CVE-2025-22290

CVE-2025-22290 affects WordPress plugin LTL Freight Quotes – FreightQuote Edition (≤ 2.3.11). Root cause: improper neutralization of special elements in SQL commands, enabling SQL Injection. Impact per available data: high confidentiality impact and overall critical severity (CVSS v3.1 9.3). Affe...

CVSS 9.3 | AI score 7.3 | EPSS 0.00061
Exploits: 0 | References: 1

CNNVD
added 2025/02/16 12:0 a.m., 1 view

WordPress plugin LTL Freight Quotes – FreightQuote Edition SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin LTL Freigh...

CVSS 9.3 | AI score 8.8 | EPSS 0.00061
Exploits: 0 | References: 3

Patchstack
added 2025/02/03 8:5 p.m., 2 views

WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani (Patchstack Alliance) in WordPress Theme OnePress versions <= 2.3.11...

CVSS 4.3 | AI score 7 | EPSS 0.00134
Exploits: 0 | Affected Software: 1

OSV
added 2024/11/18 3:15 p.m., 2 views

CVE-2024-52427

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2024/04/09 12:0 a.m., 1 view

WordPress Plugin Responsive Gallery Grid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.1 | AI score 7.6 | EPSS 0.00398
Exploits: 2 | References: 2

Github Security Blog
added 2022/05/14 1:11 a.m., 14 views

Elgg open redirect

Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect...

CVSS 6.1 | AI score 6.9 | EPSS 0.00233
Exploits: 0 | References: 5 | Affected Software: 1

OpenVAS
added 2022/01/28 12:0 a.m., 7 views

Mageia: Security Advisory (MGASA-2016-0200)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 5