42 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the pages.access permission check during the rendering process of page drafts. An attacker can gain unauthorized access to sensitive page draft content by authenticating as a user without the required permission...
CVE-2026-3222
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'locationid' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCodeModelBase::iscolumn treating user input wrapped in backticks as column...
MiracleLinux 7 : samba-4.9.1-6.el7 (AXSA:2019-4253:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4253:03 advisory. samba: save registry file outside share as unprivileged user (CVE-2019-3880). Tenable has extracted the preceding description block directly from the MiracleLin...
EUVD-2026-2788
ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...
PT-2026-3095
Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 4.9.1; ZITADEL versions prior to 3.4.6. Description: ZITADEL is an open source identity management platform. A user enumeration issue exists in the login interfaces. An unauthenticated attacker can determine the existenc...
CVE-2022-23600
fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...
CVE-2025-67950 WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection. This issue affects All In One SEO Pack: from n/a through <= 4.9.1...
EUVD-2025-202064
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1...
CVE-2025-67589 WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 4.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1...
PT-2025-49963
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoices & Packing Slips versions through 4.9.1. Description: The software contains a flaw related to incorrectly configured access control security levels, allowing unauthorized access. The issue impacts the WooCommerce PDF...
WordPress plugin WooCommerce PDF Invoices & Packing Slips security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...
WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 4.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions <= 4.9.1...
WordPress Post Expirator plugin <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification vulnerability
Authenticated (Author+) Missing Authorization to Post/Page Status Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions <= 4.9.1...
EUVD-2017-8259
Malware in sbrugna...
EUVD-2022-49640
Malicious code in bioql PyPI...
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and...
OPENSUSE-SU-2025:15164-1 screen-4.9.1-5.1 on GA media
These are all security issues fixed in the screen-4.9.1-5.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-27408
Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...
CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt
Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...