3785 matches found
CVE-2011-10024
MJM Core Player likely now referred to as MJM Player 2011 is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises from improper bounds checking in the file parser, allowing an attacker to overwrite memory on the stack and execute...
CVE-2011-10024
CVE-2011-10024 affects MJM Core Player (2011) where the .s3m file parser has a stack-based buffer overflow due to improper bounds checking. The vulnerability is triggered when a user opens a crafted .s3m file, allowing an attacker to overwrite stack memory and execute arbitrary code. Exploitation...
Reflected Cross Site Scripting (XSS)
microweber/microweber is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper validation of the layout parameter on the /admin/page/create page, which allows arbitrary JavaScript execution in the context of authenticated admin users...
PT-2025-34104
Name of the Vulnerable Software and Affected Versions MJM QuickPlayer version 2010 Description MJM QuickPlayer also known as MJM Player contains a stack-based buffer overflow triggered by opening a malicious .s3m music file. This issue arises from improper bounds checking in the file parser, whic...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the name field of layoutClassedModelUsagesDisplayContext. An attacker can execute arbitrary JavaScript code in the context of another user by injecting a malicious payload that is reflected and executed when...
CVE-2025-8142
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
Linux Distros Unpatched Vulnerability : CVE-2024-11235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free...
Linux Distros Unpatched Vulnerability : CVE-2018-5392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by...
CVE-2025-8996
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CVE-2025-8142
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
CVE-2025-8142
CVE-2025-8142 : Soledad theme for WordPress is affected by a Local File Inclusion vulnerability in versions up to 8.6.7 via the header_layout parameter. Authenticated users with Contributor+ can include and execute arbitrary PHP files on the server, enabling code execution and potential data acce...
CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
WordPress Soledad theme <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' vulnerability
Authenticated Contributor+ Local File Inclusion via 'headerlayout' vulnerability discovered by stealthcopter in WordPress Theme Soledad versions = 8.6.7...
WordPress plugin Soledad 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-33591 · WordPress · Soledad
Name of the Vulnerable Software and Affected Versions: Soledad theme for WordPress versions through 8.6.7 Description: The Soledad theme for WordPress is susceptible to a Local File Inclusion issue via the header layout parameter. This allows authenticated attackers with Contributor-level access ...
CVE-2025-8996
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CVE-2025-8996
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CVE-2025-8996
CVE-2025-8996 affects Drupal Layout Builder Advanced Permissions (versions 0.0.0 through 2.1.9/2.2.0 before). The vulnerability is a Missing Authorization issue that enables forceful browsing, enabling access bypass within the affected module, as described across multiple sources (Red Hat, NVD/CV...
CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...