57 matches found
CVE-2026-1508
The Court Reservation WordPress plugin before 1.10.9 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
WordPress Court Reservation plugin < 1.10.9 - Event Deletion via CSRF vulnerability
Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Court Reservation versions < 1.10.9...
CVE-2025-68852
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS. This issue affects Court Reservation: from n/a through <= 1.10.13...
CVE-2025-68852
CVE-2025-68852 involves the WordPress Court Reservation plugin (court-reservation) with a Reflected XSS caused by improper input neutralization during web page generation. Public docs identify affected versions as Court Reservation: n/a through <= 1.10.11 (NVD/Red Hat/CVE listings) and
CVE-2025-68852 WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS. This issue affects Court Reservation: from n/a through <= 1.10.13...
CVE-2021-41173
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside fro...
EUVD-2023-1966
Malicious code in bioql PyPI...
Malicious code in subnplanmgmtserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41808cc4bbfb04af471b477a6c3bd56c1b9d5eba6fcc1572d6fda3ba46617d8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-7657
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/updaterows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated...
Gila CMS cross-site scripting vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL from Gila CMS. A cross-site scripting vulnerability exists in Gila CMS version 1.10.9, which stems from the parameter content in file /cm/updaterows/page?id=2 that can lead to a cross-site scripting attack...
PT-2024-38485 · Gila Cms · Gila Cms
Name of the Vulnerable Software and Affected Versions: Gila CMS version 1.10.9 Description: A problematic issue was found in Gila CMS, affecting an unknown part of the file /cm/updaterows/page?id=2 within the HTTP POST Request Handler component. The manipulation of the content argument leads to...
gRPC Security Vulnerabilities
gRPC is a modern, open-source, high-performance remote procedure call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC versions prior to 1.10.9, 1.9.15, and 1.8.22, which stems from the ability to allocate memory far beyond the configuration limit for incoming messages...
WordPress LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated Contributor+ Stored Cross-Site Scripting versions <= 1.10.9...
WordPress plugin LottieFiles security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-34349 · WordPress · Lottiefiles
Name of the Vulnerable Software and Affected Versions: LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress versions up to, and including, 1.10.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...
SUSE CVE-2024-32462
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run...
Flatpak security vulnerability
Flatpak is an application virtualization system for Linux desktop application computer environments. A security vulnerability exists in Flatpak versions prior to 1.10.9, 1.12.9, 1.14.6, and 1.15.8, which stems from a sandbox escape that can be caused when Flatpak is used in conjunction with...