39 matches found
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions <= 4.7.9...
DEBIAN-CVE-2026-33940
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...
CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...
CVE-2026-33916
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, resolvePartial in the Handlebars runtime resolves partial names via a plain property lookup on options.partials without guarding against prototype-chain traversal. When Object.prototype...
EUVD-2024-52665
Malicious code in bioql PyPI...
CVE-2025-54738
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster noo-jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through <= 4.7.9...
CVE-2025-54738
CVE-2025-54738 describes an authentication bypass in the WordPress plugin/theme NooTheme Jobmonster (WordPress JobMonster). The vulnerability allows authentication abuse via an alternate path or channel, affecting Jobmonster versions from n/a up to and including 4.7.9. Evidence from multiple sour...
CVE-2025-54738 WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9...
CVE-2025-54738 WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster noo-jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through <= 4.7.9...
PT-2025-35077
Name of the Vulnerable Software and Affected Versions: NooTheme Jobmonster versions through 4.7.9 Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability exists in NooTheme Jobmonster, allowing Authentication Abuse. Recommendations: Update NooTheme Jobmonster to a...
WordPress plugin Jobmonster security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Jobmonster Theme <= 4.7.9 is vulnerable to Broken Authentication
Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.7.9; Fixed in: 4.8.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54738; Patch priority: High; CVSS severity: High (9.8); PSID: 87e1e5542be4; Credits: Tran Nguyen...
WordPress plugin MasterStudy LMS Pro code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-42913
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the jobid parameter at /sasfs1...
CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In Adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected. This is fixed in version 4.7.9...
RuoYi security vulnerability
RuoYi is a backend management system by the individual developer RuoYi in China. A security vulnerability exists in RuoYi version 4.7.9, which originates from a SQL injection vulnerability in the jobid parameter via /sasfs1...
RuoYi Cross-Site Scripting Vulnerability
RuoYi is a backend management system by the individual developer RuoYi in China. A cross-site scripting vulnerability exists in RuoYi 4.7.9 and earlier versions, which stems from a parameter manipulation that can lead to cross-site scripting attacks...
SUSE CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In Adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected. This is fixed in version 4.7.9...
Pluck Cross-Site Request Forgery Vulnerability
Pluck is a small and simple content management system (CMS) written in PHP. A cross-site request forgery vulnerability exists in Pluck version 4.7.9. A remote attacker can exploit this vulnerability to execute arbitrary code and delete specific images via the /admin.php?action=images component...