18 matches found
CVE-2026-1726
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...
CVE-2026-40249
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...
CVE-2026-1565 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUFAdminSettings::checkfiletypeandext' function and in the...
CVE-2026-2538
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...
WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability
WordPress Custom Block Builder - Lazy Blocks plugin = 4.2.0 - Authenticated Contributor+ Remote Code Execution vulnerability discovered by Youssef Elouaer - ISET ZAGHOUAN in WordPress Plugin Lazy Blocks versions = 4.2.0...
CVE-2025-63060
Cross-Site Request Forgery CSRF vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through 4.25.0...
WordPress plugin CSV to SortTable 跨站脚本漏洞
WordPress CSV to SortTable plugin is WordPress plugin for converting CSV files to interactive sorting tables. The WordPress CSV to SortTable plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...
CVE-2025-60187 WordPress Atarim plugin <= 4.2.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files.This issue affects Atarim: from n/a through = 4.2.1...
Kissflow Work Platform 安全漏洞
Kissflow Work Platform is a low-code process automation platform from Kissflow, Inc. in the United States. A security vulnerability exists in Kissflow Work Platform versions v2.0 through v4.2, which originates from the injection of a specially crafted payload and could lead to a stored cross-site...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-39614 via django (>=4.2.0 <=4.2.13)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-39614 Source advisory: OSV:GHSA-F6F8-9MX6-9MX2...
PT-2024-24707 · WordPress · Extendwp Import Content
Name of the Vulnerable Software and Affected Versions: extendWP Import Content in WordPress & WooCommerce with Excel versions n/a through 4.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...
CVE-2022-31248
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
WordPress plugin PDF24 Articles To PDF 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress PDF24 Articles To PDF plugin 4.2.2 and earlier versions have a cross-site request forgery...
Connext Dds 多款产品缓冲区错误漏洞
Real-Time Innovations Connext Dds Professional and Connext Dds Secure are both products of Real-Time Innovations, Inc. Connext Dds Professional is a software framework designed to meet the demanding connectivity requirements of autonomous systems. Connext Dds Secure is a trusted software...
PT-2021-3940 · Adobe · Character Animator
Name of the Vulnerable Software and Affected Versions: Adobe Character Animator versions 4.2 and earlier Description: The issue is caused by a memory corruption vulnerability when parsing a specially crafted file, allowing an unauthenticated attacker to achieve arbitrary code execution in the...
CVE-2020-6965
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability...
SAP BusinessObjects Business Intelligence Admin Tools Information Disclosure Vulnerability
SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analysis, data visualization, etc. Admin Tools is one of the management tools. An information disclosure vulnerability exis...
DEBIAN-CVE-2014-9218
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service resource consumption via a long password...