CVE-2025-5526
The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged-in user to view and download files belonging to another user...
CVE-2023-5368
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to re...
CVE-2024-28627
Summary: CVE-2024-28627 affects Flipsnack (version 18/03/2024) and enables a local attacker to obtain sensitive information via the reader.gz.js file. The available documents do not provide deeper root-cause details beyond this file-based exposure; no exploit vectors or in-the-wild activity are d...
WordPress Smush Image 2.7.4.1 Directory Traversal
Class: File traversal. Remote: Yes. Credit: Ricardo Sanchez. Smush Image Wordpress WP plugin is prone to a file traversal vulnerability because it fails to sufficiently folders privacy. To exploit this issue following steps: Demo url:...
CVE-2006-6229
The CVE-2006-6229 entry affects Codewalkers ltwCalendar (aka PHP Event Calendar) prior to 4.2.1. The underlying issue is that failed login attempts are logged, which could allow an attacker to infer correct passwords from the log file. The available records specify the affected software and the v...