CVE-2026-32485

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...

CVE-2026-32485

CVE-2026-32485 affects the WordPress plugin WP User Frontend (weDevs) versions prior to 4.2.9. The vulnerability is a Missing Authorization/Broken Access Control issue caused by incorrectly configured access control security levels in wp-user-frontend, allowing unauthorized access as described in...

WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin EventPrime versions = 4.2.8.0...

[SECURITY] Fedora 42 Update: python-django4.2-4.2.28-1.fc42

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVE-2025-69325 WordPress Primer MyData for Woocommerce plugin <= 4.2.8 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through = 4.2.8...

CVE-2026-25389

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.8.3...

PT-2026-20281

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...

openSUSE 16 Security Update : jasper (openSUSE-SU-2026:20138-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20138-1 advisory. Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently hig...

CVE-2026-24380 WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.8.0...

CVE-2020-15428

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxcrons.php. When parsing the line parameter, the process does not...

WordPress Plugin Contact Form by BestWebSoft 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin Contac...

CVE-2021-42890

creationtimestamp| type| source ---|---|--- 2022-06-03 18:26:38+00:00| seen| https://t.me/cibsecurity/43819...

NTP ntpd denial of service vulnerability (CNVD-2018-04874)

NTP Network Time Protocol is a network protocol that synchronizes the clocks of two computers by exchanging packets. ntpd is an operating system daemon. An information disclosure vulnerability exists in the ctlgetitem method of ntpd in NTP versions 4.2.8p6 through 4.2.8p10. A remote attacker coul...

NTP Local Denial of Service Vulnerability (CNVD-2017-04410)

ntpd Network Time Protocol daemon is an operating system daemon that uses the Network Time Protocol NTP to keep synchronized with the system time of a time server. A denial of service vulnerability exists in ntpd versions prior to 4.2.8p9. An attacker can exploit this vulnerability remotely or...

DEBIAN-CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service interleaved-mode transition and time change via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548...