
12 matches found

Patchstack
added 2026/04/24 9:29 p.m. · 3 views

WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions <= 3.0.3...

5.1 AI score
Exploits 0 · Affected Software 1
ATTACKERKB
added 2026/02/26 1:49 a.m. · 3 views

CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

9.9 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 0 · References 5 · Affected Software 1
RedhatCVE
added 2025/12/25 1:23 p.m. · 3 views

CVE-2025-67909

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Membership For WooCommerce: from n/a through = 3.0.3...

7.5 CVSS · 7 AI score · 0.00059 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/10/15 12:00 a.m. · 3 views

Amazon Linux 2 : sox, --advisory ALAS2-2025-3032 (ALAS-2025-3032)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3032 advisory. A floating point exception divide-by-zero issue was discovered in SoX in function startread of wav.c file. An attacker with a crafted w...

5.5 CVSS · 7.2 AI score · 0.001 EPSS
Exploits 1 · References 4
OSV
added 2025/05/02 3:54 p.m. · 8 views

CVE-2023-53038 scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc fails in lpfc_sli4_cgn_params_read, then we rely on lpfc_read_object's routine to NULL check pdata. Currently, an early return error is thrown from lpfc_read_object to protect...

5.5 CVSS · 6 AI score · 0.00056 EPSS
Exploits 0 · References 7
OSSF Malicious Packages
added 2024/10/01 1:25 p.m. · 3 views

Malicious code in @facetca/facet-mmleditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3afa70fa6de6ec83d479072d976210414be16f6e5f35019f8aadd2e0c6c4ec91 The OpenSSF Package Analysis project identified '@facetca/facet-mmleditor' @ 3.0.3 npm as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits 0
OSV
added 2023/12/17 8:15 a.m. · 0 views

CVE-2023-6894

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...

6.5 CVSS · 4.6 AI score
Exploits 0 · References 3
CNNVD
added 2023/06/09 12:00 a.m. · 2 views

Urbandroid Sleep Security Vulnerability

Urbandroid Sleep is an app from Urbandroid Inc. which is used to track the sleep of customers. A security vulnerability exists in Urbandroid Sleep version v.20230303 that originates from an unauthorized application causing a persistent denial of service by manipulating the SharedPreference file...

5.5 CVSS · 5.7 AI score · 0.00052 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/05/24 12:00 a.m. · 2 views

PT-2023-2907 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x Description: The issue is related to improper authorization in the Hitachi Vantara Pentaho Business Analytics Server. Exploitation of this...

4.3 CVSS · 4.4 AI score · 0.0025 EPSS
Exploits 0 · References 4
VulnCheck KEV
added 2021/03/05 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2020-2507

The vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3...

9.8 CVSS · 7.6 AI score · 0.04621 EPSS
Exploits 0 · References 1
OSV
added 2019/07/15 6:15 p.m. · 0 views

UBUNTU-CVE-2019-1010302

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 showIPTC. The attack vector is: the victim must open a specially crafted JPEG file...

5.5 CVSS · 6.6 AI score · 0.00232 EPSS
Exploits 1 · References 4
CNVD
added 2019/02/26 12:00 a.m. · 1 views

PHP Scripts Mall PHP Appointment Booking Script Cross-Site Scripting Vulnerability

PHP Scripts Mall PHP Appointment Booking Script is a web based online appointment booking system by PHP Scripts Mall India. A cross-site scripting vulnerability exists in the user profile page in PHP Scripts Mall PHP Appointment Booking Script version 3.0.3, which can be exploited by attackers to...

5.4 CVSS · 6.3 AI score · 0.00206 EPSS
Exploits 1 · References 1