CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

PT-2026-2860

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them...

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. PoC...

CVE-2020-24046

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating...

CVE-2018-6681 SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management NSM 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface...

WordPress RokBox Multiple Vulnerabilities

These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload, Content Spoofing and Information Leakage vulnerabilities. Rokbox uses TimThumb 1.16 and JW Player 4.4.198, so some of vulnerabilities are related to plugin itself, some to...