🚨 CVE-2024-32729
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal.
This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
🎖@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal.
This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
🎖@cveNotify
Patchstack
Arbitrary File Download in WordPress Conversational Forms for ChatBot Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-32949
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Integrate Google Drive: from n/a through 1.3.8.
🎖@cveNotify
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Integrate Google Drive: from n/a through 1.3.8.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Integrate Google Drive Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-33685
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Startupzy: from n/a through 1.1.1.
🎖@cveNotify
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Startupzy: from n/a through 1.1.1.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Startupzy Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-33909
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects iPages Flipbook: from n/a through 1.5.1.
🎖@cveNotify
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects iPages Flipbook: from n/a through 1.5.1.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress iPages Flipbook Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-34810
Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery.
This issue affects Skyline WP: from n/a through 1.0.10.
🎖@cveNotify
Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery.
This issue affects Skyline WP: from n/a through 1.0.10.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Skyline WP Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-35648
Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery.
This issue affects Emergency Password Reset: from n/a through 8.0.
🎖@cveNotify
Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery.
This issue affects Emergency Password Reset: from n/a through 8.0.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Emergency Password Reset Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37210
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects AliNext: from n/a through 3.3.5.
🎖@cveNotify
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects AliNext: from n/a through 3.3.5.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress AliNext Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37496
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Metro Magazine: from n/a through 1.3.7.
🎖@cveNotify
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Metro Magazine: from n/a through 1.3.7.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Metro Magazine Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-49269
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress my flatonica Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-31013
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS.
This issue affects Themify Folo: from n/a through 1.9.6.
🎖@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS.
This issue affects Themify Folo: from n/a through 1.9.6.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Themify Folo Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-48571
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
🎖@cveNotify
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
🎖@cveNotify
🚨 CVE-2025-48617
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
🚨 CVE-2025-48640
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
🚨 CVE-2025-48643
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
🚨 CVE-2025-49403
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
🎖@cveNotify
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
🎖@cveNotify
Patchstack
Arbitrary File Download in WordPress Premium Age Verification / Restriction for WordPress Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.