19 matches found
CVE-2026-44589
Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...
EUVD-2026-30364
Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...
EUVD-2026-20056
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...
CVE-2026-32524
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server. This issue affects Photo Engine: from n/a through <= 6.4.9...
WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Photo Engine versions <= 6.4.9...
EUVD-2025-203576
Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FileBird Pro: from n/a through <= 6.4.9...
CVE-2025-66134 WordPress FileBird Pro plugin <= 6.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FileBird Pro: from n/a through <= 6.5.1...
PT-2025-51422
Name of the Vulnerable Software and Affected Versions: NinjaTeam FileBird Pro versions through 6.4.9 Description: An authorization issue exists in NinjaTeam FileBird Pro filebird-pro, stemming from incorrectly configured access control security levels. This allows for exploitation of the system...
CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...
CVE-2025-24887
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...
PYSEC-2025-178
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...
CVE-2024-23664
A URL redirection to untrusted site 'open redirect' in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL...
PT-2023-18710 · Sandisk · Sandisk Privateaccess
Name of the Vulnerable Software and Affected Versions: SanDisk PrivateAccess versions prior to 6.4.9 Description: The issue concerns the support of insecure TLS 1.0 and TLS 1.1 protocols, making the system susceptible to man-in-the-middle attacks. This compromises the confidentiality and integrit...
Fortinet Fortigate RSA SSH host key lost at shutdown (FG-IR-22-228)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-228 advisory. - A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below,...
CVE-2021-32745
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabo...
CVE-2021-32744
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...
Collabora Online security vulnerability
Collabora Online is an application from Collabora. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A security vulnerability exists in Collabora Online versions 4.2.17-1 through 6.4.9-5, which allows an unauthenticated attacke...
Directory Traversal in serve
Affected versions of serve do not properly handle %2e (.) and %2f (/) characters, and allow these characters to be used in paths. This can be used to traverse the directory tree and list content of any directory the user running the process has access to. Mitigating factors: This vulnerability only...