11 matches found
CVE-2026-32652
Dell AIOps Collector pre-1.18.3 is vulnerable to a Use of Default Credentials flaw. A low-privilege attacker with console access could gain filesystem access on fresh installations not upgraded to 1.18.3+. Upgraded installations (1.18.3+) are not affected. Remediate by upgrading to 1.18.3 or later.
PT-2026-50462
Name of the Vulnerable Software and Affected Versions Dell AIOps Collector versions prior to 1.18.3 Description Fresh installations of the software contain an issue where default credentials are used. A low privileged attacker with console access could potentially exploit this to gain filesystem...
CVE-2026-41065
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...
EUVD-2026-34273
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...
CVE-2025-11587
The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
EUVD-2025-36639
The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
CVE-2025-11587 Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update
The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
SUSE CVE-2024-4317
Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...
SUSE CVE-2013-4451
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating 1 /.gitolite.rc, 2 /.gitolite, or 3 /repositories/gitolite-admin.git on fresh installs...
Information disclosure
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating 1 /.gitolite.rc, 2 /.gitolite, or 3 /repositories/gitolite-admin.git on fresh installs...
CVE-2013-4451
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating 1 /.gitolite.rc, 2 /.gitolite, or 3 /repositories/gitolite-admin.git on fresh installs...