7 matches found
CVE-2026-53517
Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...
CVE-2026-23801
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through = 1.6.11...
PT-2026-6802
Name of the Vulnerable Software and Affected Versions Sliver versions prior to 1.6.11 Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitra...
CVE-2025-8608
The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2021-4388
The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestatesetfeatureproperty and opalestateremovefeatureproperty functions. This makes it possible for unauthenticated...
CVE-2023-46624
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11...
CVE-2023-41374
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...