Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification

webdevstudios Custom Post Type UI

Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering

beaverbuilder Beaver Builder Page Builder – Drag and Drop Website Builder fastlinemedia beaver_builder

Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

codejunkie Clik stats

Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting

codisto Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto

WebP Express <= 0.25.9 - Unauthenticated Information Exposure

roselldk WebP Express

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.

allnet all-rut22gw_firmware

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the co...

allnet all-rut22gw_firmware

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH ...

thermofisher ion_torrent_onetouch_2_firmware

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are st...

thermofisher torrent_suite_software

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are po...

thermofisher ion_torrent_onetouch_2_firmware

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the mid...

thermofisher torrent_suite_software

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code ...

thermofisher torrent_suite_software

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure...

thermofisher torrent_suite_software

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-bas...

yzcheng90 x-springboot

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitiv...

composio composio

Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers ...

fuyang_lipengjun platform

Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers t...

fuyang_lipengjun platform

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attacke...

fuyang_lipengjun platform

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextclo...

Nextcloud Nextcloud

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment ...

edupluscampus edupluscampus