94 matches found
CVE-2024-39322
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13,...
EUVD-2007-5133
Malware in sbrugna...
EUVD-2008-0346
Malware in sbrugna...
EUVD-2008-5021
Malware in sbrugna...
EUVD-2020-30106
Malware in sbrugna...
EUVD-2020-11321
Malware in sbrugna...
EUVD-2016-5901
Malware in sbrugna...
EUVD-2021-13495
Malware in sbrugna...
EUVD-2008-1593
Malware in sbrugna...
EUVD-2008-0277
Malware in sbrugna...
EUVD-2019-2174
Malware in sbrugna...
CVE-2025-4404
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...
PT-2025-17579 · Codemers · Codemers Klims
Name of the Vulnerable Software and Affected Versions: Codemers KLIMS version 1.6.DEV Description: The issue is related to a lack of proper access control mechanism, allowing a normal user to perform actions that are typically restricted to administrators. This includes modifying the configuratio...
CVE-2024-6397 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing...
CVE-2024-6397
CVE-2024-6397 concerns the InstaWP Connect – 1-click WP Staging & Migration WordPress plugin. The vulnerability is an authentication bypass caused by insufficient verification of the API key, allowing unauthenticated attackers to log in as an existing site user (e.g., administrator) if they know ...
CVE-2024-39322
CVE-2024-39322 affects the aimeos/ai-admin-jsonadm JSON API used for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. A fix is present i...
PT-2024-15669 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress versions up to, and including, 2.12.10 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on...
Moderate: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Oracle Linux 7 : libvirt (ELSA-2019-4687)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4687 advisory. - logging: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132 - locking: restrict sockets to mode 0600 Daniel P. Berrange Orabug:...
Important: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...