102 matches found
WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload
WordPress midi-Synth plugin \u003C= 1.1.0 contains an unrestricted file upload vulnerability caused by missing file type and extension validation in the 'export' AJAX action, letting unauthenticated attackers upload arbitrary files and potentially execute remote code, exploit requires attacker to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: A memory leak was fixed in testgensynthcmd and testemptysynthevent. In testgensynthcmd, the buffer is freed only in the “fail” path. Therefore, the buffer may be leaked when there is no failure. Adding kfreebuf preven...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed wild-memory-access in registersynthevent. In registersynthevent, if setsyntheventprintfmt fails, then both traceremoveeventcall and unregisterTraceEvent will be called. This means that traceeventcall will call...
crm-automator (>=1.9.5 <=1.11.5), ex4nicegui (=0.9.0) +3 more potentially affected by CVE-2026-45554 via nicegui (>=3.0.4 <=3.10.0)
nicegui PYPI version =3.0.4, =1.9.5, =1.0.0, =12.22.3, =12.22.5 Source cves: CVE-2026-45554 Source advisory: SNYK:PYTHON-NICEGUI-16757878...
Exploit for CVE-2026-1306
CVE-2026-1306 — midi-Synth WordPress WordPress midi-Synth...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006637 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in registersynthevent In registersynthevent, if...
WordPress midi-Synth plugin <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability
Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability discovered by WordFence in WordPress Plugin midi-Synth versions = 1.1.0...
CVE-2026-1306
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...
CVE-2026-1306
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...
CVE-2026-0736
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-0736 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-0736
The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-1306
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...
CVE-2026-1306 midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...
CVE-2026-1306
The MIDI-Synth WordPress plugin (
CVE-2026-1306 midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...
PT-2026-8073
Name of the Vulnerable Software and Affected Versions midi-Synth plugin for WordPress versions up to and including 1.1.0 Description The midi-Synth plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type and file extension validation within the 'export' AJAX...
WordPress plugin midi-Synth 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
MiracleLinux 8 : unbound-1.7.3-15.el8 (AXSA:2021-2060:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2060:02 advisory. unbound: integer overflow in the regional allocator via regionalalloc CVE-2019-25032 unbound: integer overflow in sldnsstr2wirednamebuforigin can le...
ROS-20260114-7325
A vulnerability in the sound/core/seq/oss/seqosssynth.c module of the Linux operating system kernel is related to synchronization errors when using a shared resource "Race Situation" when processing SysEx messages. Exploitation of the vulnerability could allow an attacker to cause a denial of...