WordPress Advanced Custom Fields (ACF®) plugin <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability
Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability discovered by Fernando Mecozzi in WordPress Plugin Advanced Custom Fields versions <= 6.7.0...
PT-2026-20616
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...
WordPress plugin Blog2Social: Social Media Auto Post & Scheduler security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2012-1659
Malware in sbrugna...
CVE-2025-54144
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability affects Firefox for iOS 141...
CVE-2025-48885
application-urlshortener creates shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user, even guests, can create these docs, even if they don't exist already. This can enable guest users to denature the structur...
CVE-2025-48885 application-urlshortener users can create arbitrary pages as long as they have view access to them
application-urlshortener creates shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user, even guests, can create these docs, even if they don't exist already. This can enable guest users to denature the structur...
application-urlshortener cross-site request forgery vulnerability
application-urlshortener is an open source XWiki SAS tool for creating shortened URLs for XWiki pages. A cross-site request forgery vulnerability exists in versions of application-urlshortener prior to 1.2.4, where a user with view privileges can create arbitrary pages...
CVE-2024-3663 WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation
The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...
WordPress Plugin WP Scraper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Post Type Builder < 2.1.4 - Subscriber+ Arbitrary Post/Page Creation
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on a function. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts...
CVE-2021-47087
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug. Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any...
CVE-2021-47087 tee: optee: Fix incorrect page free bug
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug. Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any...
CVE-2023-5506
The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmapdeleteareaajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
SUSE CVE-2009-1700
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...
Academy Learning Management System cross-site scripting vulnerability
Academy Learning Management System is an Academy Learning Management System from the Creativeitem team. A security vulnerability exists in Academy Learning Management System versions prior to v5.10, which can be exploited by an attacker to create arbitrary pages...
IBM Spectrum Virtualize Access Control Error Vulnerability
IBM Spectrum Virtualize is a block storage virtualization system from IBM USA. It improves data value, security, and simplicity for new and existing storage infrastructures. An access control error vulnerability exists in IBM Spectrum Virtualize versions 8.2, 8.3, and 8.4. The vulnerability stems...
CVE-2022-26589
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages...