20 matches found
CVE-2026-49782
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...
CVE-2026-1726
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...
CVE-2025-49952
Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through = 4.2.5...
EUVD-2025-27239
Malicious code in bioql PyPI...
WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bao - BlueRock in WordPress Plugin Export WP Page to Static HTML/CSS versions = 4.1.0...
CVE-2025-40795
A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions, SIMATIC PCS neo V5.0 All versions, SIMATIC PCS neo V6.0 All versions V6.0 SP1 Update 1, User Management Component UMC All versions V2.15.1.3. Affected products contain a stack-based buffer overflow vulnerability in the...
PT-2025-36683
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions 4.1 All versions SIMATIC PCS neo versions 5.0 All versions User Management Component UMC versions prior to 2.15.1.3 Description: The software contains an out-of-bounds read issue in the integrated User Management...
WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin PostX versions = 4.1.36...
WordPress plugin WP jQuery DataTable 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...
WordPress plugin DD Roles 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin MailChimp Subscribe Forms versions = 4.1...
WordPress Website price calculator plugin <= 4.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Website price calculator versions = 4.1...
CVE-2023-44997
Cross-Site Request Forgery CSRF vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin = 4.1 versions...
CVE-2022-31248
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.message:cloud-altemistafwk-core-message-active-conf (>=3.0.0.RELEASE <=3.1.0.RELEASE) +706 more potentially affected by CVE-2012-6092 via org.apache.activemq:activemq-core (>=4.1.1 <=5.7.0)
org.apache.activemq:activemq-core MAVEN version =4.1.1, =3.0.0.RELEASE, =1.0, =1.0.0, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =3.0.0.rc1, =3.0.0.rc1, =3.0.0.rc1, =3.0.0.rc1, =3.2.1 and more Source cves: CVE-2012-6092 Source advisory: OSV:GHSA-RP9P-863F-9C4H...
PT-2018-2622 · Apache +1 · Apache Openoffice +2
Name of the Vulnerable Software and Affected Versions: Apache Open Office versions 4.1.5 and earlier Description: The issue is related to an arithmetic overflow that occurs when loading a document with a smaller end line termination than the operating system uses. This defect can cause the softwa...
SAP BusinessObjects Business Intelligence Admin Tools Information Disclosure Vulnerability
SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analysis, data visualization, etc. Admin Tools is one of the management tools. An information disclosure vulnerability exis...
DEBIAN-CVE-2014-9218
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service resource consumption via a long password...
tomcat request dispatcher information disclosure vulnerability
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct...
PT-2008-4686 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.31 Apache Tomcat version 5.5.0 Description: The issue allows remote attackers to bypass IP address restrictions and obtain sensitive information due to a synchronization problem and lack of thread...