110 matches found
WordPress Greenshift plugin <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' vulnerability
Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspbelreusableload' vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Greenshift versions = 12.8.3...
WordPress plugin Greenshift – animation and page builder blocks 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-2371
Summary (CVE-2026-2371) The Greenshift – animation and page builder blocks WordPress plugin versions up to and including 12.8.3 are vulnerable to an insecure direct object reference in the gspb_el_reusable_load AJAX handler. The handler accepts an arbitrary post_id and renders the content of any ...
CVE-2026-2371 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...
CVE-2026-2371
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...
CVE-2026-2371 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...
PT-2026-23762
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspb el reusable load AJAX handler. The handler accepts an...
EUVD-2026-5194
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...
EUVD-2026-5198
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...
EUVD-2026-5202
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...
PT-2026-5242
Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.0.4 Description The Drupal Canvas module has an authorization issue that allows forceful browsing of Canvas Pages when they are unpublished. The module does not adequately validate access to Canvas Pages,...
CVE-2025-14819 OpenSSL partial chain store policy bypass
When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...
Quantum Key Distribution without Authentication and Information Leakage
Quantum key distribution QKD is the most widely studied quantum cryptographic model that exploits quantum effects to achieve information-theoretically secure key establishment. Conventional QKD contains public classical post-processing steps that require authentication to prevent impersonation an...
EUVD-2022-55737
In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4xattrblockset where we constantly keep finding xattr block for reuse in mbcache but we are unable to...
EUVD-2025-199340
Malicious code in @alexadark/reusable-functions npm...
CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...
CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...
EUVD-2025-24814
Malicious code in bioql PyPI...
EUVD-2023-58031
Malicious code in bioql PyPI...
EUVD-2023-31347
Malicious code in bioql PyPI...