22 matches found
CVE-2026-31798
CVE-2026-31798 affects JumpServer’s Custom SMS API Client. The root cause is improper certificate validation, enabling an attacker to intercept MFA/OTP verification codes before delivery to the user’s phone. Impact is limited to credentials/OTP confidentiality with network exposure, as per the pr...
CVE-2026-25330
CVE-2026-25330 affects the WordPress PublishPress Authors plugin (<= 4.10.1). Described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels. CVSSv3.1: 4.3 (Medium) with Network attack vector, Privileges Required: Low, Us...
PT-2026-6294
Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue resides in the Shipping...
CVE-2026-1505 D-Link DIR-615 URL Filter set_temp_nodes.php os command injection
A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /settempnodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...
CVE-2025-50004
Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through = 4.10.1...
PT-2025-51179
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...
WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by NumeX in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.0.10...
Out-of-bounds Read
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
PT-2025-47422
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...
CVE-2025-62785
Wazuh CVE-2025-62785 describes a NULL dereference in fillData() where value is not checked before os_strdup(), allowing a crafted agent message to crash analysisd and take it offline. Affected software is Wazuh (analysisd component) with vulnerability in the message handling path. The issue is fi...
EUVD-2025-32419
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticat...
CVE-2024-22648
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment...
CVE-2024-2256
The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bwcontactbutton and bwbutton shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-1209
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...
PHOENIX CONTACTs WP 6xxx series web panels Trust Management Issues Vulnerability
PHOENIX CONTACTs WP 6xxx series web panels are a series of web panels from PHOENIX CONTACTs, Germany. A trust management issue vulnerability exists in PHOENIX CONTACT WP 6xxx series web panels prior to version 4.0.10, where a remote attacker with administrator privileges can read a hard-coded...
PT-2023-20500 · Unknown · Code-Server
Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.10.1 Description: The issue is related to Missing Origin Validation in WebSockets handshakes. This can allow an adversary in specific scenarios to access data from and connect to the code-server instance...
FTAPI 跨站脚本漏洞
A cross-site scripting vulnerability exists in FTAPI 4.0 - 4.10, which allows the passage of a crafted filename to an alternate text hover box in the file submission component...
CVE-2020-7262
Improper Access Control vulnerability in McAfee Advanced Threat Defense ATD prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence platform is a suite of bookstore intelligence software and enterprise performance solutions from SAP Germany. The product features report generation, analytics and data visualization. A cross-site scripting vulnerability in the SAP BusinessObjects Busines...
PT-2019-12307
Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations For I,...