CVE-2026-26793

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

GL-iNet GL-AR300M16 安全漏洞

GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The version GL-iNet GL-AR300M16 v4.3.11 contains a security vulnerability. This vulnerability stems from the module parameter in the M.getsystemlog function, which allows for command injection, potentially...

CVE-2026-26793

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

CVE-2026-24606

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through = 4.3.13...

CVE-2026-24606

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through = 4.3.13...

CVE-2026-24606 WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through = 4.3.13...

CVE-2026-24606 WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through = 4.3.13...

CVE-2025-12998 Broken Authentication in extension “Modules” (modules)

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

WordPress CM Tooltip Glossary plugin <= 4.3.11 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin CM Tooltip Glossary versions = 4.3.11...

GL.iNet多款产品 安全漏洞

GL.iNet MT300N-V2 and others are products of China's GL.iNet GL.iNet.GL.iNet MT300N-V2 is a mini router.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR750 is a router. A security vulnerability exists in various GL.iNet products. The vulnerability stems from the fact that an attack...

PT-2024-28398 · Gl.Inet · X750 +19

Name of the Vulnerable Software and Affected Versions: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11 GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16 GL-iNet products XE300 version 4.3.16 GL-iNet products E750 version 4.3....

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVE-2022-23634 Information Exposure when using Puma with Rails

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination ...

Directory Traversal Vulnerability in Xunrui CMS 4.3.11 Backend

Xunrui CMS system is a free, simple, efficient and flexible PHP content management system. A directory traversal vulnerability exists in the backend of XunRui CMS 4.3.11, which can be exploited by an attacker to traverse the server's directory information with permissions...

PYSEC-2017-62

Cross-site scripting XSS vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

PYSEC-2017-63

Multiple cross-site scripting XSS vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PYSEC-2017-58

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. dot dot in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions...

Updated libxmp packages fix security vulnerability

The libxmp package has been updated to version 4.3.11, fixing several bugs, including possible crashes when loading corrupted input data. See the upstream changelog for details...

openSUSE: Security Advisory for horde (openSUSE-SU-2012:0287-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...