Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9. More...
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8. More information : https://patchstack.com/database/wordpress/plugin/image-slider-slideshow/vulnerability/wordpress-image-slider-slideshow-plugin-1-8-insecure-direct-object-references-idor-vulnerability?_s_id=cve
Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8. More information : https://patchstack.com/database/wordpress/plugin/dashboard-welcome-for-beaver-builder/vulnerability/wordpress-dashboard-welcome-for-beaver-builder-plugin-1-0-8-broken-access-control-vulnerability?_s_id=cve
Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2. More information : https://patchstack.com/database/wordpress/plugin/baqend/vulnerability/wordpress-speed-kit-plugin-2-0-2-broken-access-control-vulnerability?_s_id=cve
Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18. More...
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected...
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: ...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation MediaWiki – UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki – UploadWizard extension: 1.45, 1.44, 1.43, 1.39....
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()`...
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The...
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local...
OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the...
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative...
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted...