13 matches found
CVE-2026-3488
The WP Statistics plugin for WordPress (vulnerable up to 14.16.4) suffers from Missing Authorization due to missing capability checks on multiple AJAX handlers (wp_statistics_get_filters, wp_statistics_getPrivacyStatus, wp_statistics_updatePrivacyStatus, wp_statistics_dismiss_notices). These endpoints...
CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...
EUVD-2017-6756
Malware in sbrugna...
CVE-2025-49996
Missing Authorization vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.4...
Unspecified vulnerability in Linux kernel (CNVD-2024-35103)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to account for the possibility that the NIC may only send statistics for some queues when reading...
CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...
UBUNTU-CVE-2023-28838
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...
GLPI SQL injection vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
SUSE CVE-2011-2495
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc//io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password...
PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
!/usr/bin/env python3 PrestaShop = 1.6.1.19 Privilege Escalation Charles Fol 2018-07-10 See https://ambionics.io/blog/prestashop-privilege-escalation The condition for this exploit to work is for an employee to have the same password as a customer. The exploit will yield a valid employee cookie f...
Unauthorized Access Vulnerability in DMS Integrated Management System of Shanghai Toothwood Communication Technology Co.
Toothwood Technology (yamutech) claims to be the leading integrated DNS service provider with the widest coverage area and the largest number of users in China. Multiple unauthorized access vulnerabilities exist in the DMS, the network management module of yamutech's DNS equipment, allowing an...
PT-2006-2921 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.x up to 0.10.14 Description: The issue affects multiple components, including H.248, X.509if, SRVLOC, H.245, AIM, and general packet dissectors, as well as the statistics counter. Remote attackers can cause a denial of...
SAFE TEAM Regulus 2.2 - Customer Statistics Information Disclosure
source: https://www.securityfocus.com/bid/11134/info Regulus is reported prone to an information disclosure vulnerability. It is reported that it is possible to view a target user's connection statistics without requiring valid...