22 matches found
EUVD-2026-36941
Author Arbitrary File Download in Download Monitor = 5.1.9 versions...
CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...
PT-2026-23239
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through = 2.1.9...
CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
WordPress plugin Nova Blocks has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EspoCRM 跨站请求伪造漏洞
EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A cross-site request forgery vulnerability exists in EspoCRM versions prior to 9.1.9, which stems from...
UAB Paytend App 安全漏洞
UAB Paytend App is a banking mobile application from UAB Paytend. A security vulnerability exists in UAB Paytend App version 2.1.9 and earlier, which stems from improper component export in the file AndroidManifest.xml and could lead to a local attack...
[SECURITY] Fedora 42 Update: fcitx5-qt-5.1.9-7.fc42
Qt library and IM module for fcitx5...
CVE-2018-17423
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107admin/comment.php...
CVE-2024-42466
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9...
upKeeper 安全漏洞
upKeeper is a cloud-based or local solution from upKeeper, Inc. A security vulnerability exists in upKeeper version 5.1.9 and earlier, which stems from the presence of an authorization bypass via user control key vulnerability that allows the use of REST trust in system resources to gain access t...
PT-2023-30655 · Unknown · Com.Yunyi.Smartcamera
Name of the Vulnerable Software and Affected Versions: com.yunyi.smartcamera application through 4.1.9 20231127 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...
zzzCMS Code Issues Vulnerabilities
ZZZCMS is a content management system CMS. A security vulnerability exists in zzzCMS version v.2.1.9, which originates from a vulnerability that allows remote attackers to execute arbitrary code via the downurl function in the zzzz.php file...
PT-2023-34991 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to a potential security vulnerability in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
GHSA-66PQ-HQV5-228G Smack allows the bypass of TLS protections
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...
CVE-2022-0015
A local privilege escalation PE vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1...
WordPress Media File Renamer - Auto & Manual Rename 插件跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
SUSE-SU-2021:0182-1 Security update for yast2-multipath
This update for yast2-multipath to version 3.1.9 fixes the following issues: Security issue fixed: - CVE-2018-17955: Use random file name instead of static names bsc1117592. Non-security issue fixed: - Removed calls to /sbin/insserv bsc1026027...
PT-2019-15975 · Tautulli · Tautulli
Name of the Vulnerable Software and Affected Versions: Tautulli version 2.1.9 Description: The issue allows an attacker to shut down a remote media server due to a CSRF vulnerability in the "/shutdown" API endpoint. Additionally, anonymous access can be achieved in applications lacking a user log...
CVE-2019-7975
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...