249 matches found
CVE-2026-27819 Vikunja has Path Traversal in CLI Restore
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...
PT-2026-22033
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description The restoreConfig function in Vikunja fails to properly validate file paths within ZIP archives used for restoration. A specially crafted ZIP file can bypass directory restrictions, potentially...
CVE-2026-27181
MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...
PT-2026-20640
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne clean data' AJAX action. This makes it possible for authenticated attackers...
CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint
MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...
CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint
MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...
CVE-2026-27181
MajorDoMo is affected by an unauthenticated module-uninstall vulnerability via the market endpoint. The market/admin flow reads gr('mode') from $_REQUEST and sets $this->mode before authentication, making all mode-gated paths reachable through /objects/?module=market. The uninstall handler cal...
CVE-2023-45084
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue...
MAL-2025-191309 Malicious code in @sameepsi/sor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c938c06786ba13f7feed4114c84d12806a6c7ce595360985be178a8ae4844257 The package @sameepsi/sor was found to contain malicious code. Source: ghsa-malware d04547ce27d4c15e2f969770ddc25732ef8f72d46eb21e8dc06f11fc1dc8eea9...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990423)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990423 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copytouser...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990297 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copytouser...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989894)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989894 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copytouser...
GPU-Backed-Shellcode-Execution-PoC
GPU-Backed Shellcode...
PT-2025-43492
In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-11510
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...
CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...
EUVD-2020-30802
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the ajsteps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it...
WordPress Custom Searchable Data Entry System plugin missing privileges vulnerability
WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...
EUVD-2010-1796
Malware in sbrugna...
EUVD-2018-0859
Malware in sbrugna...