419 matches found
CVE-2026-2019
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
CVE-2026-2019
CVE-2026-2019 concerns the Cart All In One For WooCommerce WordPress plugin (versions
CVE-2026-2019
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
PT-2026-20296
Name of the Vulnerable Software and Affected Versions Cart All In One For WooCommerce versions prior to 1.1.22 Description The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, whic...
WordPress plugin Cart All In One For WooCommerce 注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...
clk: samsung: exynos-clkout: Assign .num before accessing .hws
...
DRUPAL-CONTRIB-2026-002
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...
CVE-2025-23582
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects Bulk Categories Assign: from n/a through = 1.0...
EUVD-2025-201228
In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsockassigntransport Syzbot reported a potential lock inversion deadlock between vsockregistermutex and sklock-AFVSOCK when vsocklinger is called. The issue was introduced by commit 687aa0c5581b "vsoc...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lock reversal issue in vsockassigntransport, which could lead to a deadlock...
CVE-2025-64307
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12kmacassignviftovdev In ath12kmacassignviftovdev, if arvif is created on a different radio, it gets deleted from that radio through a call to ath12kmacunassignlinkvif. This action...
Prototype Pollution
ts-fns is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied keys in the assign function, which allows an attacker to modify the Object.prototype chain and inject arbitrary properties, potentially leading to application crashes, unexpected...
PT-2025-49058
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to a lock inversion deadlock between vsock register mutex and sk lock-AF VSOCK when the vsock linger function is called. This issue stemmed from ...
CVE-2025-62252
Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...
Linux Distros Unpatched Vulnerability : CVE-2023-53585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: sk...
EUVD-2021-23122
Malware in sbrugna...
EUVD-2019-0624
Malware in sbrugna...