39 matches found
BIT-MASTODON-2026-47777 Mastodon has a consent-check bypass in its remote Collections
Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...
CVE-2026-42655
CVE-2026-42655 affects the WordPress plugin “Best Payments Plugin for WP” (versions ≤ 4.6.19). The vulnerability is an unauthenticated payment bypass (unvalidated access) in the plugin, enabling bypass without credentials. CVSS‑3.1 base score 5.9 (MEDIUM) with attack vector Network, attack comple...
CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...
CVE-2025-46371
Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...
CVE-2025-32747
Dell PowerFlex Manager
CVE-2026-21000
Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...
CVE-2026-2664
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...
CVE-2025-69296
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through = 4.6.3...
CVE-2026-20761
CVE-2026-20761 affects EnOcean SmartServer IoT prior to 4.60.009. A remote attacker can exploit the LON IP-852 management message handling to execute arbitrary OS commands on the device. Public sources concur on this impact; no exploit details are provided in the documents. The Red Hat advisory a...
CVE-2026-20761 EnOcean SmartServer IoT Command Injection
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
CVE-2026-25308
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through = 4.6.9...
WordPress All-in-One Video Gallery plugin <= 4.5.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions = 4.5.7...
EUVD-2025-36697
Zitadel allows brute-forcing authentication factors...
CVE-2025-58811
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP CodeUs Ultimate Client Dash ulimate-client-dash allows Stored XSS.This issue affects Ultimate Client Dash: from n/a through = 4.7...
PT-2025-36150
Name of the Vulnerable Software and Affected Versions: WP CodeUs Ultimate Client Dash versions through 4.6 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. Recommendations: Update WP CodeUs...
CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...
WordPress Simen theme <= 4.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Simen versions = 4.6...
CVE-2025-31613
Cross-Site Request Forgery CSRF vulnerability in Aboobacker. AB Google Map Travel ab-google-map-travel allows Cross Site Request Forgery.This issue affects AB Google Map Travel : from n/a through = 4.6...
WordPress plugin 3D FlipBook, PDF Viewer, PDF Embedder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin 3D FlipBoo...
Loftware Spectrum 安全漏洞
Loftware Spectrum is an enterprise label printing solution from Loftware, a comprehensive, cloud-based label printing platform for companies of all sizes. A security vulnerability exists in Loftware Spectrum prior to version 4.6 that stems from HF14 missing authentication for critical functions...