3782 matches found

Patchstack
added 2026/02/03 1:27 a.m. | 5 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes and extra features for Phlox theme versions <= 2.15.7...

6.4 CVSS | 5.3 AI score | 0.00404 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/01/30 9:30 p.m. | 3 views

GHSA-VCF3-26XF-FW4M Salt Authentication Protocol Version Downgrade Allows Minion Impersonation

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

7.5 CVSS | 5.9 AI score | 0.00407 EPSS
Exploits 0 | References 6

RedhatCVE
added 2026/01/30 10:10 a.m. | 6 views

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

9.8 CVSS | 6.1 AI score | 0.00491 EPSS
Exploits 0 | References 1

EUVD
added 2026/01/30 3:48 a.m. | 5 views

EUVD-2026-5016

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication...

9.3 CVSS | 6 AI score | 0.00413 EPSS
Exploits 0 | References 1

Packet Storm News
added 2026/01/30 12:0 a.m. | 3 views

Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection

The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks (GNNs). However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...

5.5 AI score
Exploits 0

RedhatCVE
added 2026/01/29 9:24 a.m. | 5 views

CVE-2025-40536

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

9.8 CVSS | 5.9 AI score | 0.81624 EPSS
Exploits 4 | References 1

NVD
added 2026/01/29 9:16 a.m. | 8 views

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

9.8 CVSS | 0.00491 EPSS
Exploits 0 | References 1

OSV
added 2026/01/29 9:16 a.m. | 4 views

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

9.8 CVSS | 6 AI score
Exploits 0 | References 1

ATTACKERKB
added 2026/01/29 8:36 a.m. | 2 views

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

6.9 CVSS | 6.1 AI score | 0.00491 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/01/29 8:36 a.m. | 55 views

CVE-2026-1188

CVE-2026-1188 affects the Eclipse OMR port library component (since release 0.2.0) where a function returning the textual names of processor features failed to account for the separator between features. When the output buffer is not sized to accommodate the separator, a buffer overflow could occ...

9.8 CVSS | 6.1 AI score | 0.00491 EPSS
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2026/01/29 8:36 a.m. | 5 views

EUVD-2026-4991

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

6.9 CVSS | 6.1 AI score | 0.00491 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/01/29 12:0 a.m. | 5 views

PT-2026-5249

Name of the Vulnerable Software and Affected Versions: Eclipse OMR versions 0.2.0 through 0.7.9. Description: An issue exists in the Eclipse OMR port library component where an API function designed to return textual names of supported processor features does not correctly account for separators...

9.8 CVSS | 5.7 AI score | 0.00492 EPSS
Exploits 0 | References 79

OSV
added 2026/01/28 8:16 p.m. | 4 views

CVE-2025-13980

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.3 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits 0 | References 1

EUVD
added 2026/01/28 8:1 p.m. | 4 views

EUVD-2025-206441

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.3 CVSS | 5.9 AI score | 0.00234 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/01/28 8:1 p.m. | 3 views

CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.9 AI score | 0.00234 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/01/28 8:1 p.m. | 3 views

CVE-2025-13980

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.9 AI score | 0.00234 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/01/28 8:1 p.m. | 19 views

CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

0.00234 EPSS
Exploits 0 | References 1

CVE
added 2026/01/28 8:1 p.m. | 12 views

CVE-2025-13980

CVE-2025-13980 is an authentication bypass in Drupal CKEditor 5 Premium Features. Affected versions include CKEditor 5 Premium Features before 1.2.10, 1.3.0 before 1.3.6, 1.4.0 before 1.4.3, 1.5.0 before 1.5.1, and 1.6.0 before 1.6.4. The root cause is an authentication bypass via an alternate pa...

5.3 CVSS | 5.9 AI score | 0.00234 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/01/28 8:16 a.m. | 4 views

CVE-2025-40536

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

9.8 CVSS | 5.7 AI score | 0.8833 EPSS
Exploits 5 | References 4

CNNVD
added 2026/01/28 12:0 a.m. | 4 views

SolarWinds Web Help Desk security vulnerabilities

SolarWinds Web Help Desk is a service desk and asset management software provided by the American company SolarWinds. This software supports centralized knowledge bases, IT asset management, project and task management functions. There is a security vulnerability in SolarWinds Web Help Desk, whic...

9.8 CVSS | 7.5 AI score | 0.81624 EPSS
Exploits 4 | References 2