
451 matches found

Nuclei
added 14 hours ago, 6 views

WordPress TS Poll < 2.4.0 - SQL Injection

WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks. Exploitation requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...

CVSS 7.2, AI score 5.8, EPSS 0.02939
Exploits: 1, References: 2

EUVD
added 2 days ago, 5 views

EUVD-2026-33923

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

CVSS 8.8, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 1

CVE
added 2026/05/11 6:56 p.m., 4 views

CVE-2026-42875

External Secrets Operator contains a namespace isolation bypass in CAProvider ConfigMap resolution for SecretStore. Before v2.4.0, Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set, bypassing th...

CVSS 5.3, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 1

Github Security Blog
added 2026/05/04 6:30 p.m., 8 views

Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/05/04 6:30 p.m., 1 views

GHSA-35XX-9XRG-GWHF Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

CVSS 7.1, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 4

ATTACKERKB
added 2026/04/28 2:30 a.m., 1 views

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVSS 6.9, AI score 5.5, EPSS 0.00062
Exploits: 0, References: 5, Affected Software: 1

Packet Storm
added 2026/04/22 12:00 a.m., 69 views

Dovecot ManageSieve Crash Denial of Service

This Metasploit auxiliary module targets a denial of service vulnerability in the Dovecot ManageSieve service, where improper handling of authentication requests can lead to service crashes. Affects Dovecot CE core 2.4.0-2.4.2 and Dovecot Pro core 3.1.0-3.1.2. Fixed in versions 2.4.3 and 3.1.3...

CVSS 7.5, AI score 5.8, EPSS 0.00068
Exploits: 1

OSV
added 2026/04/01 9:28 a.m., 0 views

CLEANSTART-2026-NN77774 Security fixes for CVE-2026-33186, ghsa-p77j-4mvh-x3m3 applied in versions: 2.4.0-r0

Multiple security vulnerabilities affect the crossplane-provider-azure package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.1, AI score 5.9, EPSS 0.0002
Exploits: 1, References: 4

NVD
added 2026/03/25 6:16 p.m., 0 views

CVE-2026-33665

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...

CVSS 8.8, EPSS 0.0003
Exploits: 0, References: 1

Cvelist
added 2026/03/25 5:32 p.m., 18 views

CVE-2026-33665 n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...

CVSS 8.8, EPSS 0.0003
Exploits: 0, References: 1

SUSE CVE
added 2026/03/25 11:52 a.m., 1 views

SUSE CVE-2026-4751

NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0...

CVSS 5.3, AI score 5.9, EPSS 0.00058
Exploits: 0, References: 3

NVD
added 2026/03/24 6:16 a.m., 0 views

CVE-2026-4751

NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0...

CVSS 5.3, EPSS 0.00058
Exploits: 0, References: 1

CNNVD
added 2026/03/24 12:00 a.m., 2 views

tmate Security Vulnerability

tmate is an open-source instant messaging terminal sharing tool developed by tmate-io. Versions of tmate prior to 2.4.0 contained a security vulnerability, which was caused by a null pointer dereference...

CVSS 5.3, AI score 5.8, EPSS 0.00058
Exploits: 0, References: 2

EUVD
added 2026/03/13 9:31 p.m., 4 views

EUVD-2026-11937

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0...

CVSS 5.4, AI score 5.8, EPSS 0.00053
Exploits: 0, References: 2

NVD
added 2026/03/13 7:54 p.m., 3 views

CVE-2026-32416

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0...

CVSS 5.4, EPSS 0.00053
Exploits: 0, References: 1

Cvelist
added 2026/03/13 11:42 a.m., 21 views

CVE-2026-32416 WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0...

CVSS 5.4, EPSS 0.00053
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/13 11:42 a.m., 3 views

CVE-2026-32416

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0...

AI score 5.8, EPSS 0.00053
Exploits: 0, References: 2

RedhatCVE
added 2026/03/11 7:08 a.m., 1 views

CVE-2026-28512

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a...

CVSS 7.1, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 1

EUVD
added 2026/03/09 10:17 p.m., 0 views

EUVD-2026-10407

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a...

CVSS 7.1, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2

Patchstack
added 2026/02/25 7:41 p.m., 2 views

WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin PDF Poster versions <= 2.4.0...

CVSS 5.4, AI score 5.8, EPSS 0.00053
Exploits: 0, Affected Software: 1