13 matches found
CVE-2026-8382
The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...
PT-2026-45169
The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
OpenCTI 安全漏洞
OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. A security vulnerability exists in OpenCTI versions prior to 6.8.1, which stems from a lack of authorization checking in a GraphQL mutation that could lead to unauthorized resource deletion...
WordPress plugin YaySMTP SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...
PT-2024-35775 · Taiga · Taiga
Name of the Vulnerable Software and Affected Versions: Taiga version 6.8.1 Description: A CSV injection issue allows attackers to execute arbitrary code via uploading a crafted CSV file. This is achieved by loading a specifically manipulated CSV file, enabling the execution of arbitrary code...
Taiga 安全漏洞
Taiga is a free open source project management tool from Taiga Open Source. A security vulnerability exists in Taiga version 6.8.1, which stems from the presence of an open redirection vulnerability that allows an attacker to redirect a user to an arbitrary website by appending a crafted link...
Creativeitem Academy-LMS Security Vulnerability
Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A security vulnerability exists in Creativeitem Academy-LMS version v.6.8.1, which stems from a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code and obtain sensitive informatio...
UBUNTU-CVE-2024-29203
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
PT-2024-23105
Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...
CVE-2016-6816
creationtimestamp| type| source ---|---|--- 2023-12-06 16:37:48+00:00| seen| https://t.me/arpsyndicate/1510...
PT-2023-23415 · Videogo · Videogo
Name of the Vulnerable Software and Affected Versions: Videogo version 6.8.1 Description: The issue is related to incorrect access control, allowing attackers to bind shared devices even after the connection has been ended. Recommendations: For version 6.8.1, update to a newer version that...
CVE-2023-29681
Cleartext Transmission in cookie:ecospw: in Tenda N301 v6.0, firmware v12.03.01.06pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...