5012 matches found
CVE-2025-12971
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...
EUVD-2025-199822
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...
CVE-2025-12971
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...
CVE-2025-12971
CVE-2025-12971 – The WordPress plugin Folders – Unlimited Folders to Organize Media Library (and related variants) is vulnerable to unauthorized data modification due to a misconfigured capability check in the function wcp_change_post_folder . This affects all versions up to and including 3.1.5 ....
WordPress Folders plugin <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation vulnerability
Incorrect Authorization to Authenticated Contributor+ Folder Content Manipulation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Folders versions = 3.1.5...
Exploit for CVE-2025-63420
CVE-2025-63420 CrushFTP11 before 11.3.757 is vulnerable to s...
PT-2025-48266
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcp change post folder' function in all versions up to, and including, 3.1.5. This...
Exploit for Improper Resource Shutdown or Release in Wisecleaner Wise_Folder_Hider
CVE-202...
CVE-2025-65963 CFiles Unauthorized Folder/ZIP Access in Public Spaces
Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...
CVE-2025-65963 CFiles Unauthorized Folder/ZIP Access in Public Spaces
Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...
CVE-2025-65963
CVE-2025-65963 affects the Files module used to manage files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users in public spaces to create folders and to upload or download files as a ZIP archive; private spaces are not ...
CVE-2025-63729
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...
Syrotech SY-GPON-1110-WDONT 安全漏洞
Syrotech SY-GPON-1110-WDONT is a fiber optic terminal all-in-one from Syrotech India. A security vulnerability exists in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 version, which stems from an SSL private key and certificate that can be extracted from the etc folder...
CVE-2025-63729
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...
CVE-2025-63729
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...
PT-2025-48041
Name of the Vulnerable Software and Affected Versions Syrotech SY-GPON-1110-WDONT SYRO 3.7L 3.1.02-240517 Description An issue exists in Syrotech SY-GPON-1110-WDONT firmware where an attacker can extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format...
PT-2025-47421
Name of the Vulnerable Software and Affected Versions ABP versions 2.0 through 2.0.7.9050 AES versions 1.0 through 1.0.6.8290 Description The services of ABP and AES, when installed in a directory accessible for writing by non-administrative users, are susceptible to DLL hijacking. An attacker ca...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...