CVE-2026-39690

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

CVE-2026-39690 WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

CVE-2026-39690 WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

EUVD-2022-34540

Malicious code in bioql PyPI...

WordPress CURCY Plugin <= 2.1.25 is vulnerable to Broken Access Control

Software CURCY Type Plugin Vulnerable versions = 2.1.25 Fixed in 2.1.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46796 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1511c5726b64 Credits Muhammad Daffa Required privile...

CVE-2022-2265

The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25...

Path traversal

The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25...

CVE-2022-2265 Path traversal in Identity and Directory Management System

The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25...

PT-2022-15597

Name of the Vulnerable Software and Affected Versions Identity and Directory Management System versions prior to 2.1.25 Description The issue is related to an unauthenticated Path traversal vulnerability in the Identity and Directory Management System. This vulnerability has been fixed in version...

Directory Management System 路径遍历漏洞

Directory Management System is a directory management system by the individual developer Anuj Kumar. A path traversal vulnerability exists in Directory Management System versions prior to 2.1.25, which stems from an unauthenticated path traversal vulnerability...

WordPress plugin CURCY 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Denial of Service (DoS)

Overview Microsoft.NETCore.App is a set of .NET API's that are included in the default .NET Core application model. Affected versions of this package are vulnerable to Denial of Service DoS when creating HTTPS web requests while building X509 certificate chains. Details Denial of Service DoS...

Security fix for the ALT Linux 9 package dotnet-coreclr-2.1 version 2.1.25-alt1

2.1.25-alt1 built March 1, 2021 Vitaly Lipatov in task 266708 --- Feb. 17, 2021 Vitaly Lipatov - new version 2.1.25 with rpmgs script - CVE-2021-1721: .NET Core Denial of Service Vulnerability - CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability...

TeamPass SQL Injection Vulnerability

TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in TeamPass versions 2.1.26, 2.1.25, and 2.1.24, which stems from the program failing to properly filter user-submitted input when constructing SQL query statements. An attacker could use this...

DEBIAN-CVE-2013-7303

Multiple cross-site scripting XSS vulnerabilities in 1 squelettes-dist/formulaires/inscription.php and 2 prive/forms/editerauteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field...