30 matches found
EUVD-2026-33886
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
CVE-2018-25410
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...
PT-2026-44001
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...
Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017432)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017432 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway...
GHSA-42FC-7W97-8VRC XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter
Impact The PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious externa...
CVE-2026-42140
PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...
CVE-2026-32421 WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through = 2.4.1...
SUSE CVE-2026-24686
go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability
WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin = 2.4.1 - Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin ClickWhale versions = 2.4.1...
CVE-2025-67575
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
CVE-2025-67580
Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact + WooCommerce: from n/a through = 2.4.1...
CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
WordPress plugin Sitewide Notice WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Sitewide Notice A...
CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...
CVE-2025-5031
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
ruoyi-vue-pro 路径遍历漏洞
ruoyi-vue-pro is the Taro Road source code zhijiantianya open source an optimized and refactored efficient back-end management system framework for the development of enterprise back-end , SaaS platforms , WeChat applets back-end and so on. ruoyi-vue-pro 2.4.1 version of a path traversal...
WordPress ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin ClickWhale versions = 2.4.1...
CVE-2025-0804
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it...