9 matches found
CVE-2026-4065
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...
BIT-DISCOURSE-2023-38684 Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an...
CVE-2023-38684 Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, the Honeywell Experion PKS Safety Manager has an issue in which multiple proprietary protocols expose unauthenticated functionality. The affected components are...
Direct access of prefixed controller actions
More info at https://bakery.cakephp.org/2015/08/06/cakephp2592610272released.html...
CVE-2014-6289
The CVE-2014-6289 issue affects TYPO3 extensions Yet Another Gallery (yag) and Tools for Extbase development (pt_extbase). The Ajax dispatcher for Extbase in yag (<=3.0.0) and pt_extbase (
CVE-2010-5088
CVE-2010-5088 affects SilverStripe: CSRF vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3. Remote attackers could hijack administrator sessions by exploiting destructive controller actions. The initial and connected documents confirm the affected versions and the general ...