25 matches found
CVE-2026-11505 GL.iNet XE3000 glnassys hard-coded key
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...
CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-9349
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...
PT-2026-32979
Name of the Vulnerable Software and Affected Versions next-intl versions prior to 4.9.1 Description Applications using the middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host. This occurs...
CVE-2025-57529
YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...
CVE-2025-14384
CVE-2025-14384 affects the All in One SEO – Powerful SEO Plugin for WordPress (versions ≤ 4.9.2). It arises from a missing capability check on the REST route /aioseo/v1/ai/credits, allowing authenticated users with Contributor-level access and above to disclose the global AI access token. Wordfen...
EUVD-2025-205198
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...
CVE-2025-13741 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it...
CVE-2025-62935
CVE-2025-62935 is a missing/broken authorization vulnerability in the WordPress plugin "Open Close Store for WooCommerce" (woc-open-close). Connected sources confirm a Broken Access Control / Missing Authorization issue affecting Open Close WooCommerce Store: affected versions include up to 5.0.0...
CVE-2025-10637 Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure
The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagr...
CVE-2025-48945
Affected component: pycares (Python module interfacing with c-ares). Vulnerability: use-after-free when a Channel object is garbage-collected while DNS queries are still pending, leading to a fatal Python error and interpreter crash. Versions: vulnerable prior to pycares 4.9.0 (fixed in 4.9.0). R...
CVE-2019-14968
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action...
WordPress plugin Newsletters 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-26570 WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9...
Dell Storage Resource Manager 资源管理错误漏洞
Dell Storage Resource Manager is a software for managing storage resources from Dell USA. A resource management error vulnerability exists in Dell Storage Resource Manager version 4.9.0.0 and earlier, which stems from the presence of session fixation and can be exploited by an unauthenticated...
PT-2023-31352
Name of the Vulnerable Software and Affected Versions Nextcloud iOS Files app versions prior to 4.9.2 Description The issue affects the Nextcloud iOS Files app, which is used to interact with the Nextcloud self-hosted productivity platform. It allows the application to be used without providing t...
PT-2023-32236 · Undefined · Undefined
‼ CVE-2023-5647 ‼ The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as...
Contiki-NG Buffer Error Vulnerability
Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. Contiki-NG 4.9 and earlier versions suffer from a buffer error vulnerability that stems from allowing an attacker to inject TCP packets resulting in out-of-bounds buffer reads...
CVE-2019-18912
A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution...
tcpdump: Buffer over-read in print_trans() function in print-smb.c
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:printtrans for \MAILSLOT\BROWSE and \PIPE\LANMAN...