LearnPress < 4.2.7.4 - Course Material - Information Disclosure

LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...

EUVD-2026-34769

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...

ROS-20260605-73-0094

The vulnerability in Firefox is related to insecure handling of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

CVE-2026-11308

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

PT-2026-45724

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible’s amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to exploit the issue, as the module handles the parameter insecurely, resulting in the password being leaked in the logs...

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.30.1, which stems from insecure handling of compressed HTTP request bodies and could lead to a denial-of-service attack...

NiceGUI 跨站脚本漏洞

NiceGUI is an easy-to-use, Python-based UI framework from NiceGUI Open Source. A cross-site scripting vulnerability exists in NiceGUI versions 2.22.0 through 3.4.1, which stems from an insecure implementation of the click event listener and could lead to cross-site scripting attacks...

EUVD-2025-204304

tinacms is vulnerable to arbitrary code execution...

CVE-2020-36868

Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some...

CVE-2020-36868 Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script

Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some...

CVE-2020-36868

Nagios XI prior to 5.7.3 has a privilege escalation in the getprofile.sh helper script. The script uses insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some deployments can run with elevated privileges. A local attacker with low-level access could ...

CVE-2020-36868 Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script

Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.3, which stems from insecure file and comma...

EUVD-2020-30510

Malware in sbrugna...

Four-Faith Water Conservancy Informatization Platform 路径遍历漏洞

Four-Faith Water Conservancy Informatization Platform is a water conservancy informatization system from Four-Faith. A path traversal vulnerability exists in Four-Faith Water Conservancy Informatization Platform version 2.2 and prior versions, which stems from an incorrect manipulation of the...

EUVD-2024-2148

Malicious code in bioql PyPI...