31 matches found
CVE-2026-49068
The CVE concerns the WordPress Coupon Affiliates plugin (versions
PT-2026-49421
Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...
CVE-2026-3829 WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...
📄 SocialEngine 7.8.0 Server-Side Request Forgery
SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as URL to send an HTTP request from the web server...
CVE-2026-32142
Shopware is an open commerce platform. /api/info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15...
Vulnerabilities fixed in Fortinet FortiWeb
Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...
PT-2025-44237
Name of the Vulnerable Software and Affected Versions WooCommerce versions prior to 7.8.3 Description The WooCommerce plugin for WordPress exhibits a sensitive information exposure issue due to improper CORS Cross-Origin Resource Sharing handling on the Store API’s REST endpoints. This allows...
CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...
WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability
Arbitrary Code Execution Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Alone versions = 7.8.2...
The vulnerability of the VS6ComFile!MakeItemGlidZahyou() function in the HMI configuration software for Monitouch V-SFT allows a malicious individual to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the VS6ComFile!MakeItemGlidZahyou function in the HMI configuration software for Monitouch V-SFT lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, execute...
CVE-2017-17060
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions...
PT-2025-2809 · Blackberry · Qnx Sdp
Name of the Vulnerable Software and Affected Versions: QNX SDP versions 7.0 through 8.0 Description: The issue is related to an out-of-bounds read in the TIFF image codec, which could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the imag...
PT-2025-2808 · Blackberry · Qnx Sdp
Name of the Vulnerable Software and Affected Versions: QNX SDP versions 7.0 through 8.0 Description: The issue is related to an off-by-one error in the TIFF image codec, which could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image...
PT-2024-28027 · Cloudlink · Cloudlink
Name of the Vulnerable Software and Affected Versions: CloudLink versions 7.1.x through 8.x Description: The issue is related to an improper check or handling of exceptional conditions in the Cluster Component. A highly privileged malicious user with remote access could potentially exploit this,...
PT-2024-25671 · Webtop +1 · Webtop +1
Name of the Vulnerable Software and Affected Versions: NethServer versions 7 through 8 Description: The issue concerns stored cross-site scripting XSS in the WebTop package. This can be exploited, for example, via the Subject field of an e-mail message. NethServer is an operating system designed...
CVE-2023-29723
The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...
Glitter Unicorn Wallpaper 安全漏洞
Glitter unicorn wallpaper is a wallpaper application. A security vulnerability exists in Glitter Unicorn Wallpaper versions 7.0 through 8.0, which stems from a vulnerability that allows an unauthorized application to actively request permissions to insert data into a database, which could allow a...
Openfind Mail2000 跨站脚本漏洞
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in Openfind Mail2000 versions 7 and V8, which stems from insufficient filtering of user input by the file upload feature...
IBM WebSphere Application Server 跨站脚本漏洞
IBM WebSphere Application Server WAS is an application server product of the American International Business Machines IBM Corporation. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server...
CVE-2021-22523
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...