CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

CVE-2025-40701 Reflected Cross-Site scripting (XSS) in SOTE's SOTESHOP

Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal...

Snipe-IT allows stored XSS via the Locations "Country" field

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

EUVD-2025-200080

Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation...

Snipe-IT 安全漏洞

Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT versions prior to 8.3.4 that stems from a stored cross-site scripting attack that could lead to elevation of privilege...

CVE-2022-3834

creationtimestamp| type| source ---|---|--- 2025-04-25 20:07:58+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13517...

CVE-2024-1464

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2023-16094 · Microsoft +1 · Utilman +1

Name of the Vulnerable Software and Affected Versions: ACC versions prior to 8.3.4 Description: The issue allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. Recommendations: For versions prior to 8.3.4,...

PT-2022-10054 · Mcafee · Mcafee Application/Change Control

Name of the Vulnerable Software and Affected Versions: McAfee Application and Change Control MACC versions prior to 8.3.4 Description: A security issue allows a locally logged-in attacker to bypass application protection, enabling them to run applications that would normally be blocked. The...

Drupal File Upload Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security vulnerability exists in Drupal versions 7.x prior to 7.56 and 8.x prior to 8.3.4. An attacker can exploit this vulnerability to bypass security restrictions and...