22 matches found
CVE-2026-9199 Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter
The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...
WordPress Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification vulnerability
Missing Authorization to Authenticated Author+ Arbitrary Accessibility Issue Modification vulnerability discovered by g0wthr in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.42.1...
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...
OPENSUSE-SU-2026:10228-1 syft-1.42.1-1.1 on GA media
These are all security issues fixed in the syft-1.42.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-34158
Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...
CVE-2024-40605
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
CVE-2024-40601
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules...
CVE-2024-40599
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
CVE-2024-40600
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...
CVE-2024-40596
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...
CVE-2025-1755
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\nodemodules\. This issue affects MongoDB Compass prior to 1.42.1...
CVE-2025-1755
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\nodemodules. This issue affects MongoDB Compass prior to 1.42.1...
CVE-2025-1755 MongoDB Compass may be susceptible to local privilege escalation in Windows
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\nodemodules. This issue affects MongoDB Compass prior to 1.42.1...
CVE-2025-1755
MongoDB Compass (Windows) is affected by CVE-2025-1755: a local privilege escalation vulnerability when a crafted file is stored in C:\node_modules, affecting versions prior to 1.42.1. The condition described enables elevated-privilege actions on the user’s system. Several connected sources (incl...
MongoDB Compass may be susceptible to local privilege escalation in Windows
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\nodemodules. This issue affects MongoDB Compass prior to 1.42.1...
MongoDB Compass 代码问题漏洞
MongoDB Compass is a free interactive tool from MongoDB, Inc. for querying, optimizing, and analyzing MongoDB data. A code issue vulnerability exists in MongoDB Compass versions prior to 1.42.1 that stems from local elevation of privilege...
PT-2024-28938 · Mediawiki · Mediawiki
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.42.1 Description: An issue was discovered in the Tempo skin for MediaWiki. There is stored XSS via MediaWiki:Sidebar top-level menu entries. Recommendations: For versions through 1.42.1, consider disabling the Tem...
PT-2024-28936 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki Metrolook skin versions through 1.42.1 Description: An issue was discovered in the Metrolook skin for MediaWiki, where there is stored XSS via MediaWiki:Sidebar top-level menu entries. Recommendations: For versions through 1.42.1,...