CVE-2026-45543

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVE-2026-2306

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the createFluentCartTable function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with...

CVE-2026-2306 Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the createFluentCartTable function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with...

WordPress plugin Ninja Tables – Easy Data Table Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-32533

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

EUVD-2026-15905

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-32533

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-32533

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-52855

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack due to differences in response times for existing and non-existing users in the password reset functionality. An attacker can determine the existence of usernames by observing the time it takes for the server to respond...

Joomla! 5.x < 5.2.6 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.13 or 5.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities. - Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr metho...

PYSEC-2024-86

Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...

CVE-2024-31207 Vite's `server.fs.deny` did not deny requests for patterns with directories

Vite French word for "quick", pronounced /vit/, like "veet" is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.1...

CVE-2024-31207 Vite's `server.fs.deny` did not deny requests for patterns with directories

Vite French word for "quick", pronounced /vit/, like "veet" is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.1...

WordPress All In One WP Security & Firewall Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software All In One WP Security & Firewall Type Plugin Vulnerable versions = 5.2.6 Fixed in 5.2.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30468 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4458bfd0a1fc Credits...

CVE-2023-39917

Cross-Site Request Forgery CSRF vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin = 5.2.6 versions...

WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Photo Gallery by Ays Type Plugin Vulnerable versions = 5.2.6 Fixed in 5.2.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39917 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dcde53c55582 Credits Skalucy Requir...

CVE-2022-46763

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code...