CVE-2025-14342 SEO Plugin by Squirrly SEO <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sqajaxuninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

PT-2026-20577

Name of the Vulnerable Software and Affected Versions ACF Photo Gallery Field versions prior to 3.1 Description The ACF Photo Gallery Field plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the acf photo gallery edit sa...

PT-2026-20616

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...

PT-2026-20629

Name of the Vulnerable Software and Affected Versions Toret Manager plugin for WordPress versions up to and including 1.2.7 Description The Toret Manager plugin for WordPress has a flaw that allows unauthorized modification of data, potentially leading to privilege escalation. This is due to a...

CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

SourceCodester Customer Support System 安全漏洞

The SourceCodester Customer Support System is an open-source customer support system developed by SourceCodester. Version 1.0 of the SourceCodester Customer Support System contains security vulnerabilities. These vulnerabilities stem from the AJAX scheduler in the ajax.php file, which lacks...

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user Patient can directly access the Administrator Dashboard and all sub-modules e.g., User Logs, Doctor Management by manually browsing to the /admin/ directory after authentication. This...

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user Patient can directly access the Administrator Dashboard and all sub-modules e.g., User Logs, Doctor Management by manually browsing to the /admin/ directory after authentication. This...

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

CVE-2025-36183 Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

IBM Watsonx.data 代码问题漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. There were code vulnerabilities in versions 2.2 to 2.2.1 of IBM Watsonx.data. These vulnerabilities allowed privileged users to upload malicious files and execute them on the server, potentially leading to modifications to files or...

PT-2026-20246

Name of the Vulnerable Software and Affected Versions IBM watsonx.data versions 2.2 through 2.2.1 Description A privileged user may be able to upload malicious files to IBM Lakehouse. These files could be executed on the server, potentially allowing modification of limited files or data...

ROS-20260216-73-0026

A vulnerability in the JavaFX component of the Oracle Java SE software platform is related to an operation exceeding buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete data...

CVE-2025-15157

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVE-2025-15157

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...