2684 matches found
WordPress Google Map Professional - Cross-Site Scripting
WordPress Google Map Professional Map In Your Language plugin through 1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such ...
CVE-2026-9241
The FOX ā Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-9241 FOX ā Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter
The FOX ā Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
CVE-2026-9241 FOX ā Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter
The FOX ā Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
Exploit for CVE-2025-39247
CVE-2025-39247 - Target: HikCentral Professional HCMP, c...
shadow-pentest
š¤ Shadow Pentest Framework v1.0 Automated CVE Discovery & E...
AMDå¤ę¬¾äŗ§å ē¼å²åŗéčÆÆę¼ę“
AMD Radeon is a set of device driver and utility software packages developed by American semiconductor company AMD for Advanced Micro Devicesā graphics cards and GPUs. Several AMD products have a buffer error vulnerability, which stems from insufficient parameter cleaning. This vulnerability may...
CVE-2026-1749
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission...
CVE-2026-1749
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission...
CVE-2026-1749
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission...
CVE-2026-1749
CVE-2026-1749 affects HikCentral Professional (some versions) with an Access Control vulnerability that could allow an unauthenticated user to obtain admin permissions. The NVD/Hikvision disclosures indicate the issue stems from inadequate access control, enabling elevated privileges and compromi...
EUVD-2026-28905
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission...
CVE-2026-1749
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission...
Hikvision HikCentral Professional å®å Øę¼ę“
Hikvision HikCentral Professional is a professional edition of the AI Cloud-based application management platform designed for edge domains by Hikvision, a Chinese company. Hikvision HikCentral Professional has security vulnerabilities, particularly an access control issue that may allow...
PT-2026-39323
Name of the Vulnerable Software and Affected Versions HikCentral Professional affected versions not specified Description An access control issue exists that could allow an unauthenticated user to obtain admin permissions. Recommendations At the moment, there is no information about a newer versi...
CVE-2026-42291
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
CVE-2026-42291
Summary (CVE-2026-42291) SysReptor (Professional/Community) exposes read/write access to usersā personal notes via un-authorized sharing-link creation. From version 2026.4 up to before 2026.27, authenticated attackers who know a victimās note ID could list and create sharing links to that userās ...
IASS-ISP-ASN-Security-Scanner
š IASS ā ISP ASN Security Scanner Automated reconnaissance &...
CVE-2025-14543
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional Core Libraries allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3....
EUVD-2025-209595
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional Core Libraries allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3....