7 matches found
PT-2026-27843
CVE-2026-23971 Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through = 8.3.8. https://t.co/0me4zW3qJ4...
EUVD-2026-3838
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through = 3.3...
CVE-2025-67958
CVE-2025-67958 affects the TaxCloud for WooCommerce plugin (simple-sales-tax) for WordPress; a broken/misconfigured access control enables missing authorization via vulnerable versions up to and including 8.3.8. Impact details in sources indicate broken access control rather than remote code exec...
TYPO3 Security Vulnerabilities
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 8.3.8, and 9.x versions prior to 9.0.6, which stems from the presence of an insecure direct object reference IDOR vulnerability,...
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions JAVS is a U.S.-based company specializing in digital audio-visual recording...
Loadbalancer Enterprise VA MAX 路径遍历漏洞
Loadbalancer Enterprise VA MAX is a full-featured virtual ADC from the Loadbalancer organization. standardized on WAF and GSLB, it provides the highest throughput and unmatched reliability for critical workloads. A security vulnerability exists in Loadbalancer Enterprise VA MAX version 8.3.8 and...
SUSE CVE-2009-3231
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password...