59 matches found
CVE-2026-57720 WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...
CVE-2026-22340
CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme
CVE-2026-42283
DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils
Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...
WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for WPForms versions = 6.3.0...
CVE-2026-21743
The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...
WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability
WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...
WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2023-25973
Cross-Site Request Forgery CSRF vulnerability in Lucian Apostol Auto Affiliate Links plugin = 6.3.0.2 versions...
CVE-2025-60080 WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...
CVE-2025-12860
Summary: CVE-2025-12860 affects DedeBIZ up to version 6.3.2. An SQL injection can be triggered by manipulating the orderby parameter in /admin/freelist_main.php. The vulnerability is exploitable remotely and the public exploit is available. Multiple connected sources corroborate the issue and its...
CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...
PT-2025-44010
Name of the Vulnerable Software and Affected Versions Pi-hole Admin Interface versions prior to 6.3 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, is susceptible to a cross-site scripting XSS issue. This...
Pi-hole Web Interface 跨站脚本漏洞
Pi-hole Web Interface is a dashboard web interface from Pi-hole open source. A cross-site scripting vulnerability exists in Pi-hole Web Interface versions prior to 6.3, which stems from improper input cleanup in the Address field and could lead to a cross-site scripting attack...
CVE-2025-62708
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...
CVE-2025-62707
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...
CVE-2025-9798
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8...
CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...
CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...
IBM Tivoli Monitoring 安全漏洞
IBM Tivoli Monitoring is a suite of system monitoring software from International Business Machines IBM. The software supports detection of system bottlenecks and potential problems, performance monitoring of essential system resources, automatic recovery from critical situations, and more. A...