53 matches found
15,000 WordPress Sites Affected by Administrator Account Creation Vulnerability in WP Maps Pro WordPress Plugin
On March 24th, 2026, we received a submission for an Unauthenticated Administrator Account Creation vulnerability in WP Maps Pro, a WordPress plugin with more than 15,000 sales. This vulnerability makes it possible for unauthenticated attackers to create new administrator accounts on the affected...
MingSoft MCMS Security Vulnerability
MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Version 6.1.1 of MingSoft MCMS contains a security vulnerability, which stems from incorrect handling of the File parameter in the file/ms/file/uploadTemplate.do file. This vulnerability could lead...
K000160014: Apache Struts vulnerability CVE-2025-68493
Security Advisory Description Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. CVE-2025-68493 Impact...
Linux Distros Unpatched Vulnerability : CVE-2025-66648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user...
CVE-2019-12771
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring...
CVE-2024-2375
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
UBUNTU-CVE-2025-66648
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-66648
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
EUVD-2025-204198
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniOrange's Google Authenticator: from n/a through = 6.1.1...
PT-2025-52048
Name of the Vulnerable Software and Affected Versions miniOrange's Google Authenticator versions through 6.1.1 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system...
EUVD-2019-7850
Malware in sbrugna...
Third-Party Dependency in Crowd Data Center
Note: Aligning with our security bug fix policy (https://www.atlassian.com/trust/security/bug-fix-policy), this vulnerability has been fixed in our latest release only. This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party...
ABB System 800xA Security Vulnerability
ABB System 800xA is a distributed control system from ABB Switzerland for the industrial control industry. ABB System 800xA has a security vulnerability that originates from storing camera passwords in clear text, which allows an attacker to stop or manipulate the video feed. The affected version...
SUSE CVE-2024-35365
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function...
PT-2024-27097 · Unknown +1 · Libavcodec +1
Name of the Vulnerable Software and Affected Versions: FFmpeg version 6.1.1 Description: The issue is related to an integer overflow in the WAVARC decoder of the libavcodec library when handling certain block types. This can lead to a denial-of-service (DoS) condition. Recommendations: For FFmpeg...
PT-2024-27096
Name of the Vulnerable Software and Affected Versions: FFmpeg version 6.1.1 Description: The issue is related to an integer overflow in the AVI demuxer of the libavformat library, potentially resulting in a denial-of-service (DoS) condition. Recommendations: For version 6.1.1, consider updating to a...
MongoDB Server Library Local Privilege Escalation Vulnerability (SERVER-69507) - Linux
MongoDB is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb";...
WordPress plugin WPQA Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
PT-2024-20062 · WordPress · Wpqa Builder
Name of the Vulnerable Software and Affected Versions: WPQA Builder WordPress plugin versions prior to 6.1.1 Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. Recommendations:...