CVE-2026-22589

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...

CVE-2026-22589

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...

CVE-2026-22589

CVE-2026-22589 affects Spree (Rails e-commerce); unauthenticated IDOR allows access to guest address data. Affected: Spree versions before 4.10.2, 5.0.7, 5.1.9, and 5.2.5. Patch/mitigation: upgrade to 4.10.2+, 5.0.7+, 5.1.9+, or 5.2.5+. Root cause cited as faulty authorization (CanCanCan) leading...

CVE-2025-68608

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

EUVD-2024-53010

Malicious code in bioql PyPI...

EUVD-2024-39632

Malicious code in bioql PyPI...

EUVD-2024-39629

Malicious code in bioql PyPI...

EUVD-2024-53012

Malicious code in bioql PyPI...

EUVD-2024-53009

Malicious code in bioql PyPI...

CVE-2024-56211

Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2024-56214

Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2024-56212

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2024-31892

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements...

CVE-2024-56210 WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2024-56211 WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9...

CVE-2024-56211

CVE-2024-56211 affects the WordPress Plugin UserPro by DeluxeThemes (versions up to 5.1.9). The connected documents describe a Missing Authorization vulnerability that enables an authenticated user to perform an Arbitrary User Meta Update, due to insufficient authorization checks in UserPro. The ...

WordPress plugin Userpro SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2024-36746 · Deluxethemes · Userpro

Name of the Vulnerable Software and Affected Versions: Userpro versions n/a through 5.1.9 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This problem affects DeluxeThemes Userpro. Recommendations: For...

PT-2024-36745 · Deluxethemes · Userpro

Name of the Vulnerable Software and Affected Versions: Userpro versions up to 5.1.9 Description: The issue is related to a missing authorization vulnerability in DeluxeThemes Userpro. This problem allows unauthorized access due to the lack of proper authorization checks. Recommendations: For...

CVE-2024-52586 eLabFTW MFA bypass

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...