CVE-2025-64265
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.2...
WordPress plugin Frontend File Manager security vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. A missing authorization vulnerability exists in WordPress Frontend File Manager Plugin, which can be exploited b...
EUVD-2025-30683
Malicious code in bioql PyPI...
EUVD-2024-19253
Malicious code in bioql PyPI...
WordPress Frontend File Manager plugin <= 23.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Hiro Code016Hiro in WordPress Plugin Frontend File Manager versions <= 23.3...
CVE-2025-57921 WordPress Frontend File Manager plugin <= 23.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.3...
PT-2025-38772
Name of the Vulnerable Software and Affected Versions: N-Media Frontend File Manager versions through 23.2. Description: An authorization issue exists in N-Media Frontend File Manager due to incorrectly configured access control security levels. This allows for exploitation of the system...
WordPress plugin Frontend File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2025-21557
Vulnerability in Oracle Application Express component: General. Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interacti...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-47876 Sakai: Kernel users created with type roleview can login as a normal user
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability...
CVE-2024-47876
Sakai Kernel vulnerability CVE-2024-47876: Kernel users created with the type roleview could log in as normal users, enabling unauthorized access. Affected in Sakai versions up to 23.2; fixed in 23.3. Root cause: improper access control allowing roleview kernel users to authenticate as non-privil...
WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)
Software: Bookly; Type: Plugin; Vulnerable versions: <= 23.2; Fixed in: 23.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5584; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 6392bd62a07f; Credits: 0xBishop; Required privilege...
CVE-2024-4219
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability...
PT-2024-13248 · Opentext · Opentext Appbuilder
Name of the Vulnerable Software and Affected Versions: OpenText AppBuilder versions 21.2 through 23.2 Description: The issue is related to improper input validation, allowing an authenticated user with database creation or management privileges to exploit the AppBuilder server. This exploitation...
PT-2023-27146 · Ericsson · Ericsson Network Manager
Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager versions prior to 23.2 Description: The issue is related to mishandled Access Control, allowing unauthenticated low-privilege users to access the NCM application. Recommendations: For versions prior to 23.2, update to...
CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory...
PT-2023-24773 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 23.8.12892.6; M-Files Server LTS Service Release Versions prior to 23.2 LTS SR3. Description: The issue is an out-of-bounds read that allows an unauthenticated user to read a restricted amount of bytes from...
Debian Security Advisory DSA 2603-1 (emacs23 - programming error)
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to safe. OpenVAS Vulnerability Test $Id: deb2603.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2603-1 using nvtgen 1.0 Script version: 1.0 Author:...