15 matches found
CVE-2026-39648
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through = 2.1.7...
CVE-2026-39565
Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through = 2.1.7...
CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint
The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...
CVE-2026-25605
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...
CVE-2026-25569
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution...
MiracleLinux 8 : php:7.4 (AXSA:2022-3573:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3573:01 advisory. php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 Tenable has extracted the preceding...
WordPress Blocksy Theme <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Blocksy Type Theme Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-55713 Patch priority Low CVSS severity Low 5.9 Developer Creative Themes PSID 05f50ffb9258 Credits savphill Required privilege Shop manager...
PT-2025-14429 · Unknown · Ai Auto Tool Content Writing Assistant
Name of the Vulnerable Software and Affected Versions: Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One versions n/a through 2.1.7 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQ...
CVE-2025-21730
creationtimestamp| type| source ---|---|--- 2025-02-27 04:30:09+00:00| seen| https://t.me/cvedetector/18976 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability
Bypass Vulnerability vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Contact Form Builder, Contact Widget versions = 2.1.7...
CVE-2023-21769 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
...
URule 代码问题漏洞
URule is a pure Java rules engine by Gao Jie youseries individual developers. URule v2.1.7 version has a security vulnerability, the vulnerability stems from the existence of XML external entity XXE vulnerability, an attacker can be exploited to exploit the vulnerability by the carefully crafted...
CloudBees Jenkins Stored Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...
CVE-2026-21747
...
CVE-2026-21744
CVE-2026-21744 entry is rejected/not used and does not represent an active vulnerability.