19 matches found
CVE-2025-68072
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Property Listings: from n/a through <= 3.5.20...
CVE-2025-68072 WordPress Easy Property Listings plugin <= 3.5.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Property Listings: from n/a through <= 3.5.20...
CVE-2025-68072
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Property Listings: from n/a through <= 3.5.17...
CVE-2025-68072
CVE-2025-68072 affects Easy Property Listings (WordPress plugin) with versions up to 3.5.17. The issue is Missing Authorization due to incorrectly configured access control, enabling unauthorized access to certain functions. CVSS 3.1 base score 6.5 (Network, Low confidentiality/Integrity impact, ...
WordPress Easy Property Listings plugin <= 3.5.19 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Easy Property Listings versions <= 3.5.19...
PT-2026-4075
Name of the Vulnerable Software and Affected Versions: Easy Property Listings versions through 3.5.17 Description: The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for potential exploitation of the system...
Mastodon < 3.5.17 Authentication Bypass
According to its self-reported version number, the version of Mastodon running on the remote host is prior to 3.5.17 or 4.0.x prior to 4.0.13 or 4.1.x prior to 4.1.13 or 4.2.x prior to 4.2.5. Therefore, it may be affected by a remote user impersonation and takeover. Note that the scanner has not...
AZL-31489 CVE-2023-43788 affecting package libXpm for versions less than 3.5.17-1
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...
AZL-13248 CVE-2022-4883 affecting package libXpm for versions less than 3.5.17-1
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2021-21869
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
CVE-2021-21863
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...
PT-2021-7779 · 3S Smart Software Solutions · Codesys Development System
Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.16 through 3.5.17 Description: An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality. This issue is related to deficiencies in the deserialization mechanism,...
CVE-2021-21864
An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...
CVE-2021-20280
Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
UBUNTU-CVE-2021-20283
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
PT-2021-13871 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: moodle versions prior to 3.10.2 moodle versions prior to 3.9.5 moodle versions prior to 3.8.8 moodle versions prior to 3.5.17 Description: The ID number user profile field required additional sanitizing to prevent a stored XSS risk...
WordPress No External Links 3.5.17 Cross Site Scripting
DefenseCode ThunderScan SAST Advisory WordPress No External Links Plugin Security Vulnerability Advisory ID: DC-2017-01-022 Advisory Title: WordPress No External Links Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress No External Links Plugi...
Squid Poisoning Vulnerability (SQUID-2016:7) - Linux
Squid is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...
Squid Poisoning Vulnerability (SQUID-2016:7) - Windows
Squid is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...