13 matches found
CVE-2026-25309
CVE-2026-25309 describes a Missing Authorization vulnerability in the PublishPress Authors plugin (publishpress-authors). The description notes exploitation arises from incorrectly configured Access Control Security Levels, enabling unauthorized access where authority checks are bypassed. Affecte...
CVE-2026-25309 WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Authors: from n/a through 4.10.1...
PT-2026-27897
Name of the Vulnerable Software and Affected Versions PublishPress Authors versions through 4.10.1 Description A missing authorization flaw exists in PublishPress Authors. This issue allows exploitation of incorrectly configured access control security levels. Recommendations Update PublishPress...
CVE-2026-25330
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Authors: from n/a through 4.10.1...
PT-2026-20698
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Authors: from n/a through 4.10.1...
CVE-2026-25485
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...
EUVD-2026-5208
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input source is in Commerce Product Type setting...
CVE-2025-50004
Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection. This issue affects JupiterX Core: from n/a through 4.10.1...
CVE-2025-50004
CVE-2025-50004 describes a deserialization of untrusted data vulnerability in the WordPress plugin JupiterX Core (jupiterx-core), enabling PHP Object Injection. Affected versions are JupiterX Core
Mayan EDMS Input Validation Error Vulnerability
Mayan EDMS is a free web-based document management system from Mayan EDMS, Inc. for managing documents within an organization. An input validation error vulnerability exists in Mayan EDMS version 4.10.1 and earlier, which stems from incorrect manipulation of the file /authentication/ and could le...
PT-2025-51177
Name of the Vulnerable Software and Affected Versions Mayan EDMS versions up to 4.10.1 Description A cross-site scripting issue exists in Mayan EDMS. The issue is located in an unknown function within the /authentication/ component and can be exploited remotely. The exploit is publicly available...
CVE-2024-31343
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1...
CVE-2019-5940
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'...