30 matches found
EUVD-2026-11901
Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through 1.2.4...
CVE-2026-32391
The CVE-2026-32391 entry concerns the WordPress SmartFix theme vulnerability: Missing Authorization due to incorrectly configured access control, affecting SmartFix versions up to
CVE-2026-32391 WordPress SmartFix theme < 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through 1.2.4...
PT-2026-25237
CVE-2026-32391 Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFi… https://t.co/hbSN1SkTIO...
CVE-2026-22228
An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore...
CVE-2026-0630
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 web modules and Archer AXE75 v1.0 allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...
CVE-2026-0631
The CVE-2026-0631 issue affects TP-Link Archer BE230 v1.2 (vpn modules) with firmware older than 1.2.4 Build 20251218 rel.70420. It is described as an OS Command Injection that allows an adjacent authenticated attacker to execute arbitrary code, potentially gaining full administrative control and...
PT-2026-5691
A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...
Drupal AI security vulnerabilities
Drupal AI is a module or solution within the Drupal community that integrates artificial intelligence capabilities. Versions of Drupal AI prior to 1.0.7, 1.1.7, and 1.2.4 contain security vulnerabilities. These vulnerabilities stem from improper input during web page generation, which may lead to...
MPay security vulnerability
MPay is a convenient payment tool developed by Technic Laohu in China. Versions of MPay prior to 1.2.4 contained security vulnerabilities. These vulnerabilities were caused by incorrect operations on unknown functions, which could lead to cross-site request forgery attacks...
WordPress Creta Testimonial Showcase plugin < 1.2.4 - Editor+ Local File Inclusion vulnerability
Editor+ Local File Inclusion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Creta Testimonial Showcase versions 1.2.4...
Drupal Cookies Addons Security Vulnerability
Drupal Cookies Addons is a plugin for the Drupal community. A security vulnerability exists in Drupal Cookies Addons versions prior to 1.2.4, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
ZimaOS Security Vulnerability
ZimaOS is an open source operating system project from IceWhaleTech that aims to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS prior to version 1.2.4, which stems from the API endpoint /v21/file in ZimaOS being vulnerable t...
WordPress Counter Box plugin < 1.2.4 - Counter Deletion via CSRF vulnerability
Counter Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Counter Box versions 1.2.4...
PT-2024-2893 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.2.4 Description: The issue is related to the authentication mechanism in OpenMetadata, specifically with the JwtFilter that handles API authentication by verifying JWT tokens. An attacker can bypass the...
OpenMetadata Security Vulnerabilities
OpenMetadata is an open source unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.2.4, which stems from a SpEL injection...
Winter Cross-Site Scripting Vulnerability
Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A cross-site scripting vulnerability exists in Winter versions prior to 1.2.4, which stems from the presence of a stored cross-site scripting (XSS) vulnerability...
Yaklang Security Vulnerability
Yaklang is an open source programming language designed for network security by the yaklang.io Project. A security vulnerability exists in versions prior to Yaklang 1.2.4-sp1. Attackers can use the vulnerability to obtain sensitive information...
CVE-2023-2527
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...