16 matches found
CVE-2025-12027
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
CVE-2025-12027
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
DNN 代码问题漏洞
DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A code issue vulnerability exists in DNN versions prior to 10.1.1, which...
WordPress Lisfinity Core plugin elevation of privilege vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...
CVE-2025-6042
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
CVE-2025-6042 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
PT-2025-42236
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-447)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-447 advisory. Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to b...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-403)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-403 advisory. NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVE-2023-5441 Use After Free in GitHub repository vim/vim prior to v9.0.2010...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-194)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-194 advisory. NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. CVE-2023-2609 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. CVE-2023-2610 Tenable has...
Moodle Atto Editor Cross Site Scripting
Exploit Title: Moodle Atto Editor Cross Site Scripting Date: 26.03.2021 Author: Vincent666 ibn Winnie Software Link: https://moodle.org/plugins/editoratto Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month M...
Z-blog 1.8 web path information disclosure vulnerability and fix-vulnerability warning-the black bar safety net
Affected version: Z-blog 1.8 Vulnerability description: Z-blog is based on Asp platform Blog blogweblogprogram Z-blog using the default editor there is a path information disclosure vulnerability Test method:...
Low: Red Hat Security Advisory: lftp security and bug fix update
An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Lik...
RHEL 5 : lftp (RHSA-2009:1278)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2009:1278 advisory. LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like bash, it has job control and uses the readline library for input. ...