CVE-2026-39342

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...

CVE-2023-49221

Precor touchscreen console P62, P80, and P82 could allow a remote attacker within the local network to bypass security restrictions, and access the service menu, because there is a hard-coded service code...

CVE-2025-63069 WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through = 5.5.12...

CVE-2025-59704

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password...

EUVD-2024-48316

Malicious code in bioql PyPI...

CVE-2024-7380

The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.7.3. This makes it possible for authenticated attackers, with...

CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes...

Precor Touchscreen Console Security Vulnerability

Precor touchscreen console P62 and Precor touchscreen console P82 are both a touchscreen console from Precor USA. A security vulnerability exists in the Precor Touchscreen Console that stems from the presence of hard-coded service code that could allow a remote attacker to bypass security...

CVE-2024-2441

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...

PT-2024-20389 · WordPress · Vikbooking Hotel Booking Engine & Pms

Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.6.8 Description: The issue allows an authenticated user with subscriber privileges or above to bypass authorization and access settings they shouldn't be allowed to...

Fedora 访问控制错误漏洞

Fedora is a set of Linux operating systems from the Fedora community. Fedora CoreOS has a security vulnerability that stems from the fact that it allows to boot a non-default OSTree deployment without entering a password. This allows users with access to the GRUB menu to boot into an older versio...

ThinkStation 授权问题漏洞

Lenovo ThinkStation is a desktop workstation from the Chinese company Lenovo. An authorization issue vulnerability exists in ThinkStation, which can be exploited to gain unauthorized access to the boot menu when "BIOS Password At Boot Device List" is set to True...

Intermittently Users Are Unable to Access Start Menu After Citrix Workspace Environment Management Application Security Rules Are Applied

Start menu is intermittently inaccessible after applying default/custom rules...

SA-CONTRIB-2011-019 - Menu Access - Cross Site Scripting

The Menu Access module provides global, menu specific, and per menu item security permissions by role and user account. The Menu Access module contains a cross site scripting XSS vulnerability that can be exploited when a specially formatted menu description is viewed. This could result in...

SuSE 11 Security Update : Xen (SAT Patch Number 2230)

Collective Xen/201004 Update, containing fixes for the following issues : - pygrub, reiserfs: Fix on-disk structure definition bnc537370 - Xen on SLES 11 does not boot - endless loop in ATA detection bnc561912 - xend leaks memory bnc564750 - Keyboard Caps Lock key works abnormal under SLES11 xen...

carboncopy.txt

The only reason this was never disclosed was originally in hopes of proper vendor response... I spoke to their tech support about 5 times but they were just total morons. I eventually gave up. I was going to write a shatter like attack so this could be exploited ala .exe file but I never had time...

X_holes

Products : xstat v2.3 and less xnews v1.1 Website : http://www.xqus.com/ problems : xstat : - Recovery of numerous data about the computer phpinfo . - Cross Site Scripting - Path disclosure xnews : - Access to the admin menu More details in french : http://www.ifrance.com/kitetoua/tuto/xholes.txt...