435 matches found
WordPress plugin Directorist 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-21034
Name of the Vulnerable Software and Affected Versions staviravn AIO WP Builder versions through 2.0.2 Description An authorization issue exists in staviravn AIO WP Builder all-in-one-wp-builder, allowing exploitation of incorrectly configured access control security levels. Recommendations Update...
CVE-2026-25409 WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through = 1.1.1...
ROS-20260202-73-0015
Vulnerability in kernel-lt related to insufficient control of the resource during its existence. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-24556
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through = 2.3.2...
CVE-2026-24522
CVE-2026-24522 describes a Missing Authorization (broken access control) vulnerability in MyThemeShop WP Subscribe (wp-subscribe), affecting WP Subscribe versions up to 1.2.16. The CVSS 3.1 base score is 4.3 (Medium) with network attack, low exploit complexity, and low confidentiality impact. The...
PT-2026-4391
Name of the Vulnerable Software and Affected Versions HD Quiz versions through 2.0.9 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations Update HD Quiz to a versio...
CVE-2025-67920 WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through 1.2...
Asseco InfoMedica 安全漏洞
Asseco InfoMedica is a comprehensive medical information management system from Asseco Poland. A security vulnerability exists in Asseco InfoMedica version 4.50.1 and prior to version 5.38.0, which stems from insufficient access control granularity and could lead to the acquisition of coded...
PT-2026-1648
Name of the Vulnerable Software and Affected Versions Crocoblock JetEngine versions through 3.8.1.1 Description A missing authorization issue exists in Crocoblock JetEngine, allowing exploitation of incorrectly configured access control security levels. The issue concerns insufficient authorizati...
CVE-2025-66159
Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through = 1.1.6...
PT-2025-54459
Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.23.0 Description RAGFlow is a Retrieval-Augmented Generation engine susceptible to arbitrary system command execution. A low-privileged authenticated user can execute commands on the server host process through the...
Security Bulletin: IBM i is affected by exposure of sensitive information and improper access control vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2025-53066, CVE-2025-53057]
Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to unauthorized access to data by using APIs in the JAXP component CVE-2025-53066 and creation, deletion or modification access to data by...
WordPress plugin FiveStar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-66378
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node...
EUVD-2025-205266
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through = 1.2.38...
CVE-2025-14095
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...
EUVD-2025-204120
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Pinevale pinevale allows PHP Local File Inclusion.This issue affects Pinevale: from n/a through = 1.0.14...
CVE-2025-64209
Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through 4.8.122...
CVE-2025-14095 Privilege boundary violation in Radiometer Products
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...