18 matches found
CVE-2026-22337
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation. This issue affects Directorist Social Login: from n/a before 2.1.4...
CVE-2026-22337 WordPress Directorist Social Login plugin < 2.1.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation. This issue affects Directorist Social Login: from n/a before 2.1.4...
CVE-2026-22337
CVE-2026-22337 is a vulnerability in the WordPress plugin Directorist Social Login (directorist-social-login) described as an Incorrect Privilege Assignment that enables Privilege Escalation. Public sources specify affected versions as before 2.1.4 (NVD) and up to 2.1.1/2.1.4 in various advisorie...
CVE-2026-23877 Directory Traversal & Filesystem can be accessed by a non-admin user
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
EUVD-2025-25044
Malicious code in bioql PyPI...
CVE-2025-8995
CVE-2025-8995: Drupal Authenticator Login contains an authentication bypass vulnerability in versions prior to 2.1.4. The issue arises in the Authenticator Login module (Drupal) where an alternate path or channel can bypass authentication, effectively allowing login as a user without proper crede...
Drupal Authenticator Login access control error vulnerability
Drupal Authenticator Login is a Drupal community authentication login module or feature for Drupal. A security vulnerability exists in Drupal Authenticator Login versions prior to 2.1.4 that stems from bypassing authentication using an alternate path or channel...
WordPress plugin PostaPanduri SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
PT-2025-4548 · Unknown · Wpmagic News Publisher Autopilot
Name of the Vulnerable Software and Affected Versions: WPMagic News Publisher Autopilot versions prior to 2.1.4 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross-Site Request Forgery. This is a type of attack where an attacker can trick a user...
PT-2024-30365 · Nagios · Nagios Ndoutils
Name of the Vulnerable Software and Affected Versions: Nagios NDOUtils versions prior to 2.1.4 Description: The issue allows privilege escalation from the nagios user to root because certain executable files are owned by the nagios user. Recommendations: For versions prior to 2.1.4, update to...
Nagios security vulnerability
Nagios is a suite of open source, free network monitoring tools from the US-based Nagios Corporation. A security vulnerability exists in Nagios NDOUtils prior to version 2.1.4, which stems from an executable file owned by a nagios user that can lead to elevated privileges up to root...
Adobe Substance 3D Stager buffer error vulnerability
Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Substance 3D Stager 2.1.3 and earlier versions, which can be exploited by attackers to obtain sensitive information...
Internet Initiative Japan SmartKey security vulnerability
Internet Initiative Japan SmartKey (IIJ SmartKey) is an authentication application from Internet Initiative Japan. A security vulnerability exists in Internet Initiative Japan SmartKey versions prior to 2.1.4, which stems from an attacker's ability to obtain one-time passwords sent by it...
PT-2022-16040 · WordPress · Post Smtp Mailer/Email Log
Name of the Vulnerable Software and Affected Versions: Post SMTP Mailer/Email Log WordPress plugin versions prior to 2.1.4 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks against other users, even when the unfiltered html capability is disallowed, due to...
PYSEC-2022-257
NVFLARE, in versions prior to 2.1.4, contains a vulnerability in which deserialization of untrusted data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial of Service, and impact to both Confidentiality and Integrity...
WordPress cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of WordPress WP-Paginate plugin prior to 2.1.4, which stems from the...
DEBIAN-CVE-2019-12400
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...