CVE-2026-2421

The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. Thi...

CVE-2026-2421

CVE-2026-2421 affects the ilGhera Carta Docente for WooCommerce plugin for WordPress. The issue is a Path Traversal vulnerability in the wccd-delete-certificate AJAX action (cert parameter) that allows an authenticated attacker with Administrator+ privileges to delete arbitrary server files (e.g....

Improper Certificate Validation

Overview org.opensearch.dataprepper.plugins:opensearch is a Data Prepper project: opensearch Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can intercept...

PT-2025-42388

Name of the Vulnerable Software and Affected Versions OpenSearch Data Prepper versions prior to 2.12.2 Description OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no...

PT-2013-5210 · Hewlett Packard · Hp Procurve Manager +1

Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP ProCurve Manager+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue concerns the UpdateDomainControllerServlet in the SNAC registration server, which fails to...