Unauthenticated Broken Access Control in Stylish Cost Calculator versions <= 8.3.9.
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale versions <= 1.0.27.
Unauthenticated Broken Access Control in Newsletters versions <= 4.13.
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups versions <= 2.0.9.
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet versions <= 1.8.1.
Unauthenticated Broken Access Control in Five Star Restaurant Menu versions <= 2.5.2.
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone versions <= 2.3.2.
Unauthenticated Backdoor in Enable CORS versions <= 2.0.3.
Unauthenticated Broken Access Control in Gutenverse Companion versions <= 2.5.0.
Unauthenticated SQL Injection in GeoDirectory versions <= 2.8.162.
Unauthenticated SQL Injection in Real Estate 7 versions <= 3.5.9.
Subscriber Insecure Direct Object References (IDOR) in SupportCandy versions <= 3.4.6.
Unauthenticated SQL Injection in wpDataTables versions <= 7.4.
Unauthenticated Sensitive Data Exposure in Ads by WPQuads versions <= 3.0.3.
Unauthenticated SQL Injection in JetBooking versions <= 4.0.4.1.
Unauthenticated Broken Access Control in User Registration versions <= 5.2.2.
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request f...
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT...
When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error ...
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image synta...