
16 matches found

Patchstack
added 2026/05/14 7:53 p.m. | 3 views

WordPress Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability discovered by momopon1415 in WordPress Plugin Classified Listing versions <= 5.3.10...

CVSS 4.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/05/07 7:42 p.m. | 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token wi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/23 7:49 p.m. | 4 views

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-66560 DESCRIPTION: Quarkus ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2026/02/04 6:2 p.m. | 4 views

@apollo/server-integration-testsuite (>=5.0.0 <=5.3.0), @commitspark/graphql-api (>=1.0.0-beta.3 <=1.0.0-beta.6) +22 more potentially affected by CVE-2026-23897 via @apollo/server (>=5.0.0 <=5.3.0)

@apollo/server NPM version =5.0.0, =5.0.0, =1.0.0-beta.3, =1.217.0, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.21.0 and more Source cves: CVE-2026-23897 Source advisory: OSV:GHSA-MP6Q-XF9X-FWF7...

CVSS 7.5 | AI score 5.8 | EPSS 0.00023
Exploits: 0

CNNVD
added 2025/07/10 12:0 a.m. | 2 views

Honeywell Experion PKS Security Vulnerability

Honeywell Experion PKS is a process automation system from Honeywell USA. A security vulnerability exists in Honeywell Experion PKS versions 520.1 to 520.2 TCU9 and 530 to 530 TCU3, which stems from uninitialized variables and could result in a denial of service...

CVSS 7.5 | AI score 6.5 | EPSS 0.00368
Exploits: 0 | References: 3

CNNVD
added 2025/03/11 12:0 a.m. | 0 views

Fortinet FortiSIEM Security Vulnerability

Fortinet FortiSIEM is a security information and event management system from Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. A security vulnerability exists in Fortinet FortiSIEM that stems from improper authorization and could allow a...

CVSS 3.8 | AI score 6.4 | EPSS 0.0014
Exploits: 0 | References: 2

Patchstack
added 2025/02/17 10:22 p.m. | 3 views

WordPress Tour Master plugin <= 5.3.6 - Authenticated (Subscriber+) SQL Injection via review_id Parameter vulnerability

Authenticated (Subscriber+) SQL Injection via review_id Parameter vulnerability discovered by Aiden Thái An in WordPress Plugin Tourmaster versions <= 5.3.6...

CVSS 8.8 | AI score 8.1 | EPSS 0.00089
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/07/20 12:0 a.m. | 2 views

PT-2024-28113 · Unknown · Team Members

Name of the Vulnerable Software and Affected Versions: Team Members versions through 5.3.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versions...

CVSS 6.5 | AI score 5.9 | EPSS 0.00092
Exploits: 0 | References: 3

OSV
added 2023/03/23 9:30 p.m. | 1 views

GHSA-564R-HJ7V-MCR5 Spring Framework vulnerable to denial of service via specially crafted SpEL expression

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition...

CVSS 6.5 | AI score 6.8 | EPSS 0.00542
Exploits: 1 | References: 7

ATTACKERKB
added 2021/11/19 7:15 p.m. | 2 views

CVE-2021-26262

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor...

CVSS 5.9 | AI score 6.1 | EPSS 0.00108
Exploits: 0 | References: 3 | Affected Software: 2

CNVD
added 2018/12/04 12:0 a.m. | 2 views

Pulse Secure Desktop Client for Windows Arbitrary File Write Vulnerability

Pulse Secure Desktop Client for Windows is a suite of Windows-based client software from Pulse Secure, Inc. for end devices that access Juniper Pulse Secure gateways. A security vulnerability exists in Pulse Secure Desktop Client versions 5.3 through R6.0 build 1769 for Windows-based platforms. T...

CVSS 5.8 | AI score 7 | EPSS 0.00117
Exploits: 1 | References: 1

CNVD
added 2018/09/20 12:0 a.m. | 4 views

Kibana Cross-Site Scripting Vulnerability (CNVD-2018-19611)

Elasticsearch Kibana (formerly known as elasticsearch-dashboard) is a suite of open-source, browser-based analytics and search Elasticsearch dashboard tools from the Dutch company Elasticsearch. A cross-site scripting vulnerability exists in Elasticsearch Kibana versions 5.3.0 through 6.4.1. An...

CVSS 6.1 | AI score 7.2 | EPSS 0.00713
Exploits: 0 | References: 1

ATTACKERKB
added 2018/06/29 3:29 p.m. | 2 views

CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...

CVSS 7.8 | AI score 5.6 | EPSS 0.00153
Exploits: 0 | References: 2

OSV
added 2018/06/15 2:29 p.m. | 0 views

CVE-2018-6672

Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 3

OSV
added 2017/12/31 12:0 a.m. | 0 views

UBUNTU-CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...

CVSS 5.5 | AI score 6.3 | EPSS 0.00092
Exploits: 0 | References: 5

OSV
added 2017/05/15 6:29 p.m. | 0 views

CVE-2017-8942

The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.9 | AI score 5.8
Exploits: 0 | References: 1