136 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-25314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. (CVE-2022-25314) Note that Nessus relies on the presence of the package as reporte...
CVE-2025-52834
CVE-2025-52834 corresponds to an SQL Injection in the WordPress theme/favethemes Homey. The initial record confirms the vulnerability affects Homey versions n/a through 2.4.5 and classifies the flaw as an SQL injection due to improper neutralization of elements in SQL commands (high impact on con...
WordPress plugin Homey SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
Incorrect Authorization
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can gain limited unauthorized access by exploiting insufficient authorization checks with high privileges. Remediation: Upgrade...
GHSA-8HCX-XVWW-6C6H Magento Security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access...
TencentOS Server 3: expat (TSSA-2022:0021)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0021 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Access Control Bypass
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass via improper enforcement of access controls. An attacker can gain limited write access by bypassing security measures without requiring user...
Adobe Commerce access control error vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe USA. An access control error vulnerability exists in Adobe Commerce that stems from an improper access control issue that could result in elevation of privilege. The following versions are affected:...
CVE-2024-6843
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...
CVE-2023-36504
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup. This issue affects BBS e-Popup: from n/a through 2.4.5...
CVE-2023-27234
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application...
CVE-2022-3232
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5...
CVE-2025-32540
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS. This issue affects Feedify – Web Push Notifications: from n/a through <= 2.4.5...
CVE-2025-32620
CVE-2025-32620: Missing Authorization in the WordPress Doppler Forms plugin (
CVE-2025-32667
Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS. This issue affects Doppler Forms: from n/a through <= 2.5.1...
CVE-2025-32165 WordPress Doppler Forms plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS. This issue affects Doppler Forms: from n/a through <= 2.5.1...
Access Control Bypass
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation: Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...
Incorrect Authorization
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization enabling the bypass of a security feature. Remediation: Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4,...
Improper Authorization
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization enabling bypass of a security feature. Remediation: Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4, 2.4.8-beta2...
PT-2025-6370 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 through 2.4.7-p3; Adobe Commerce versions 2.4.6-p8; Adobe Commerce versions 2.4.5-p10; Adobe Commerce versions 2.4.4-p11 and earlier. Description: The issue is related to an Improper Access Control vulnerabilit...