28 matches found
EUVD-2025-201094
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests...
CVE-2025-52757
Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce (sumomemberships) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SUMO Memberships for WooCommerce: from n/a through 7.8.0...
EUVD-2025-35406
Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce (sumomemberships) allows Privilege Escalation. This issue affects SUMO Memberships for WooCommerce: from n/a through = 7.6.0...
WordPress plugin SUMO Memberships for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
Fortinet FortiWeb CLI Security Vulnerability
Fortinet FortiWeb CLI is a command line interface from Fortinet, Inc. A security vulnerability exists in Fortinet FortiWeb CLI versions 7.6.0 through 7.6.3 and prior to 7.4.8, which originates from a stack buffer overflow and could lead to the execution of arbitrary code...
PT-2025-32873 · Fortinet · Fortimanager Cloud +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.6.0 through 7.6.1; Fortinet FortiManager versions 7.4.0 through 7.4.5; Fortinet FortiManager versions 7.2.0 through 7.2.9; Fortinet FortiManager versions prior to 7.0.13; Fortinet FortiManager Cloud versions 7.6.0...
CVE-2023-44999
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0...
CVE-2024-35219
A flaw was found in OpenAPI generator, where it allows the generation of API client libraries, for example, SDK generation, server stubs, documentation, and configuration, automatically given an OpenAPI Spec. This flaw allows an attacker to cause a path traversal vulnerability to read and delete...
CVE-2024-35219
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
CVE-2024-35219
OpenAPI Generator (OpenAPI Tools) before version 7.6.0 is vulnerable to path traversal via the outputFolder option, allowing an attacker to read and delete files in arbitrary writable directories. The known impacted range is
CVE-2023-44999 WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0...
Security Bulletin: IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF) (CVE-2020-4529)
Summary: IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF). Vulnerability Details: CVEID: CVE-2020-4529. DESCRIPTION: IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability
IBM Maximo Asset Management is a comprehensive solution for asset-intensive industries to manage enterprise physical assets through a public platform. IBM Maximo Asset Management version 7.6.0, 7.6.1 contains a cross-site scripting vulnerability that stems from the lack of proper validation of...
Elastic Elasticsearch Information Disclosure Vulnerability (ESA-2021-05)
Elasticsearch is prone to an information disclosure vulnerability.
CVE-2020-4521
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2019-4582
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288...
CVE-2019-4478
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998...