9 matches found
PT-2026-56564
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user can receive messages on denied subjects. This occurs when a wildcard subscription overlaps with a...
CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
SUSE CVE-2026-27585
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...
CVE-2025-13220
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...
WordPress Web Accessibility By accessiBe plugin <= 2.10 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Moose Love in WordPress Plugin Web Accessibility By accessiBe versions = 2.10...
CVE-2025-26357
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests...
CVE-2025-26352
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...
GHSA-H86X-MV66-GR5Q OS Command Injection in Locutus
php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...
Nugmubs ChronoForms Cross-Site Scripting Vulnerability
Nugmubs ChronoForms is a plugin from the individual developers of Nugmubs for providing discussion functionality to Joomla. A cross-site scripting vulnerability exists in Nugmubs ChronoForms version 2.0.11, which originates when inserting a crafted payload into a post. If any user sees the post,...