10 matches found
WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability
Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...
CVE-2026-3525
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing.This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
CVE-2025-58052 Galette has groups managers access control bypass on Members
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...
CVE-2025-53922 Galette has access control bypass
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...
CVE-2025-48076 Galette is vulnerable to Cross-site Scripting
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...
WordPress plugin Button Block 跨站请求伪造漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Button Block 1.2.0 and prior...
PwnDoc 安全漏洞
PwnDoc is a penetration test report generator from PwnDoc open source. A security vulnerability exists in PwnDoc versions prior to 1.2.0 that stems from a path traversal in the backup recovery feature that could lead to remote code execution...
NewPass Security Vulnerabilities
NewPass is a secure password management application by gero personal developer. Designed to generate and store strong passwords locally on a user's device. A security vulnerability exists in versions prior to NewPass 1.2.0. An attacker exploiting the vulnerability could gain access to sensitive...
CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
Python priority denial of service vulnerability
Python is a suite of open source, object-oriented programming languages from the Python Software Foundation. json is one of the modules that provides a lightweight format for exchanging data. priority is one of the modules used to implement ordering. A denial of service vulnerability exists in...