8 matches found
CVE-2026-39355
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...
CVE-2026-32262
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...
WordPress plugin Print Invoice & Delivery Notes for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 5.9.0...
TOTOLINK A950RG 安全漏洞
TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a buffer overflow vulnerability that stems from a failure to properly validate the length...
TOTOLINK T10 缓冲区错误漏洞
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10v2 version 5.9c.5061B20200511, which stems from the pin parameter in setWiFiWpsConfig failing to correctly validate the length size of the input data, and...
CVE-2022-44003
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations...
UBUNTU-CVE-2017-10904
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors...