CVE-2026-25460

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

EUVD-2026-15742

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

CVE-2026-25460

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

CVE-2026-25460 WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

CVE-2026-25460 WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

CVE-2026-25460

CVE-2026-25460 affects Ave Core (Ave Core plugin) for WordPress, with a Missing Authorization flaw in ave-core that permits exploitation due to incorrectly configured access control/security levels in Ave Core versions up to 2.9.1. The connected documents confirm the vendor/product (Ave Core) and...

PT-2026-27955

Name of the Vulnerable Software and Affected Versions LiquidThemes Ave Core versions through 2.9.1 Description An authorization issue exists in LiquidThemes Ave Core. The problem stems from incorrectly configured access control security levels, potentially allowing unauthorized access...

WordPress plugin Ave Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ave Core versions = 2.9.1...

CVE-2019-25233 AVE DOMINAplus 1.10.x Cross-Site Request Forgery and XSS Vulnerabilities

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser...

CVE-2019-25233

CVE-2019-25233 affects AVE DOMINAplus 1.10.x. The connected documents specify cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in this version, enabling attackers to perform administrative actions without user consent. Attackers can craft malicious pages to exploit...

AVE DOMINAplus 安全漏洞

AVE DOMINAplus is an application from AVE Italy. The best home automation system for next generation houses. A security vulnerability exists in AVE DOMINAplus version 1.10.x, which stems from vulnerability to cross-site request forgery and cross-site scripting attacks that could lead to the...

MAL-2025-179738 Malicious code in kiut-acg-ave (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ee926acaa34494d8190b23f532669cf61c8abb86fee63e7ce76620dfedd124e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-134346

Malicious code in kiut-acg-ave npm...

Malicious code in kiut-acg-ave (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ee926acaa34494d8190b23f532669cf61c8abb86fee63e7ce76620dfedd124e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-134347

Malicious code in kiut-acg-ave npm...

EUVD-2020-14762

Malware in sbrugna...

EUVD-2025-5968

Malicious code in bioql PyPI...

CVE-2020-21996

AVE DOMINAplus =1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario...

CVE-2020-21991

AVE DOMINAplus =1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication...