23 matches found
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerabilit...
CVE-2025-68076 WordPress Stockholm Core plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through = 2.4.6...
WordPress plugin Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress...
WordPress MxChat – AI Chatbot for WordPress plugin <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin MxChat versions = 2.4.6...
CVE-2025-8091
CVE-2025-8091 affects EventON Lite for WordPress (versions <= 2.4.6). Multiple sources confirm an Information Disclosure vulnerability via add_single_eventon/add_eventon shortcodes, enabling access to data from protected or draft posts. advisories converge on upgrading to 2.4.7+ (PTSecurity no...
WordPress EventON Lite plugin <= 2.4.6 - Authenticated (Contributor+) Information Disclosure vulnerability
Authenticated Contributor+ Information Disclosure vulnerability discovered by Takihana Shota in WordPress Plugin EventON versions = 2.4.6...
WordPress plugin Ocean Extra 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition enabling the bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11,...
PT-2025-6362 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker...
WordPress Clone plugin <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace' vulnerability
Unauthenticated PHP Object Injection via 'recursiveunserializedreplace' vulnerability discovered by Webbernaut in WordPress Plugin Clone versions = 2.4.6...
PT-2024-38592 · Microchip · Timeprovider 4100
Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 through 2.4.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The...
PT-2024-4485 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read and potentially result in arbitrary co...
CVE-2024-20719
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse...
CVE-2024-20717
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
PT-2024-1796 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerabl...
PT-2023-9138 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier Description: The issue is related to an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user...
CVE-2023-38207
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
PT-2023-5394 · Adobe · Commerce +1
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p1 and earlier Adobe Commerce versions 2.4.5-p3 and earlier Adobe Commerce versions 2.4.4-p4 and earlier Description: The issue is related to insufficient access control in Adobe Commerce and Magento Open Source,...
CVE-2023-34241 CUPS vulnerable to use-after-free in cupsdAcceptClient()
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...
CVE-2023-29289
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interactio...