11 matches found
EUVD-2026-41271
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...
CVE-2026-8480
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...
CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...
Xibo CMS 安全漏洞
Xibo CMS is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo CMS 4.3.0 and prior versions, which stems from a mishandled Twig filter in the Module Templates feature in the CMS Developer menu, which could lead to remote code execution...
CVE-2025-58801
Cross-Site Request Forgery CSRF vulnerability in KCS Responder responder allows Cross Site Request Forgery.This issue affects Responder: from n/a through = 4.3.8...
WordPress plugin WP Maintenance Mode & Site Under Construction 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Stormshield Network Security 安全漏洞
Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security version 4.3.x prior to 4.3.35, which stems from a multicast stream that may result in a denial of servi...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle versions 4.3 through 4.3.3. An attacker exploited the vulnerability to perform a cross-site...
pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin BizPrint versions = 4.3.39...
WordPress plugin OpenHook code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...