33 matches found
CVE-2025-12087
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlm_remove_added_wishlist_page' AJAX action due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12087
The CVE-2025-12087 issue affects the WordPress plugin Wishlist and Save for later for Woocommerce (versions up to and including 1.1.22). It is an Insecure Direct Object Reference vulnerability triggered by insufficient validation of a user-controlled key in the awwlm_remove_added_wishlist_page AJ...
PT-2025-46564
Name of the Vulnerable Software and Affected Versions: The Wishlist and Save for later for Woocommerce plugin for WordPress versions through 1.1.22 Description: The software contains an Insecure Direct Object Reference issue. An authenticated attacker with Subscriber-level access or higher can dele...
WordPress Booking Ultra Pro Plugin <= 1.1.21 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Booking Ultra Pro versions <= 1.1.21...
CVE-2025-36062
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic...
IBM Cognos Analytics Mobile Security Vulnerability
IBM Cognos Analytics Mobile is an application from International Business Machines IBM, Inc. Integrates reporting, modeling, analytics, dashboards, cases, and event management. A security vulnerability exists in IBM Cognos Analytics Mobile versions 1.1.0 through 1.1.22, which stems from the use o...
CVE-2024-29096
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic. This issue affects MJM Clinic: from n/a through 1.1.22...
CVE-2025-47657
CVE-2025-47657: SQL Injection in Productive Commerce (WordPress plugin) affecting versions n/a–1.1.22. Public data shows a high-severity, network-exposed vulnerability (CVSS 3.1, base score 9.3) with no exploit details provided and the patch status as Unpatched; no fixed version is listed in the ...
CVE-2025-47657 WordPress Productive Commerce <= 1.1.22 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce allows SQL Injection. This issue affects Productive Commerce: from n/a through 1.1.22...
WordPress plugin Productive Commerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2024-22716 · Unknown · Mjm Clinic
Name of the Vulnerable Software and Affected Versions: MJM Clinic versions 1.1.22 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for malicious scripts to be injected into web pages. No...
TP-LINK Tapo C200 Security Vulnerability
The TP-LINK Tapo C200 is a webcam device from China P&L TP-LINK. A security vulnerability exists in TP-LINK Tapo C200 V3 version 1.1.22 Build 220725, which originates from a vulnerability that allows an attacker with physical access to the camera to extract and decrypt sensitive data such as Wifi...
SUSE CVE-2004-1270
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...
SUSE CVE-2008-0596
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers...
SUSE CVE-2009-1196
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."...
CVE-2022-36539
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children...
PT-2022-23453 · Wedaycare B.V · Ouderapp
Name of the Vulnerable Software and Affected Versions: WeDayCare B.V Ouderapp versions prior to 1.1.22 Description: The issue allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. Recommendations: For versions prior to 1.1.22, update...
@phoenix-plugin-registry/hirse.ungit (=0.8.3), hirse.ungit (>=0.4.1 <=0.8.3) potentially affected by CVE-2022-25766 via ungit (>=1.1.22 <=1.5.2)
ungit NPM version =1.1.22, =0.4.1, =0.8.3 Source cves: CVE-2022-25766 Source advisory: SNYK:JS-UNGIT-2414099...
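CUPS pdftops Filter Multiple Integer Overflow Vulnerabilities
BUGTRAQ ID: 35195 CVE(CAN) ID: CVE-2009-0791 The Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and serves most PostScript and raster printers. The pdftops filter in CUPS contains multiple integer overflow vulnerabilities that can lead to heap overflows. An attacker can create a malicious PDF file which, if printed, causes pdftops to crash or to execute arbitrary commands with the privileges of the lp user. Easy Software Products CUPS 1.1.22 Vendor patch: Easy Softwar...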
cups: DoS (stop, crash) by renewing CUPS browse packets
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."...