4 matches found
CVE-2026-14487
The CVE-2026-14487 entry concerns the WordPress plugin Simple Coherent Form (SCF). Affected versions are all up to and including 2.4.13. The root cause is insufficient file path validation in the removeUploadDir function, enabling unauthenticated deletion of arbitrary server files (e.g., wp-confi...
ALPINE-CVE-2025-58060
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
CVE-2025-58060 cups has Authentication bypass with AuthType Negotiate
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
PT-2024-37168 · WordPress · Conditional Fields For Contact Form 7
Name of the Vulnerable Software and Affected Versions: Conditional Fields for Contact Form 7 plugin for WordPress versions up to, and including, 2.4.13 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wpcf7cf admin init function...