9293 matches found
CVE-2025-32915 Sensitive data exposed during automatic agent updates
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and = 2.1.0p49 EOL. This allows a local attacker to read sensitive data...
CVE-2019-10120
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
CVE-2019-17572
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...
CVE-2017-15204
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user...
wire-webapp 安全漏洞
wire-webapp is an open source application from Wire Swiss. A security vulnerability exists in wire-webapp versions prior to 2025-05-20-production.0, which stems from a session not being expired correctly, which could lead to automatic re-logins...
PT-2025-22515 · Wire · Wire-Webapp
Name of the Vulnerable Software and Affected Versions: wire-webapp versions 2025-05-14-production.0 through 2025-05-20-production.0 Description: The issue is related to a regression in the session invalidation process. When a user logs out of the Wire webapp, they could be automatically logged in...
CVE-2025-39511
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through = 4.19.0...
CVE-2025-39511
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through = 4.19.0...
CVE-2025-39511 WordPress Pinterest Automatic Pin plugin <= 4.19.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through = 4.19.0...
CVE-2025-39511
CVE-2025-39511 refers to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin Pinterest Automatic Pin (ValvePress). Affected versions are reported as n/a through 4.18.2. The underlying issue is misconfigured access controls that could allow unauthorized access or ...
CVE-2025-39511 WordPress Pinterest Automatic Pin <= 4.18.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2...
WordPress Pinterest Automatic Pin plugin <= 4.19.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Pinterest Automatic Pin versions = 4.19.0...
CVE-2024-57273
Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...
WordPress plugin Pinterest Automatic Pin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2025-21703 · Valvepress · Valvepress Pinterest Automatic Pin
Name of the Vulnerable Software and Affected Versions: ValvePress Pinterest Automatic Pin versions n/a through 4.18.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
CVE-2025-3877
Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986...
CVE-2025-3877
CVE-2025-3877 is rejected/not used; this entry does not represent an active vulnerability.
CVE-2025-3877
Removed by vendor...
CVE-2024-57273
Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...