
70 matches found

Patchstack
added 2026/03/31 6:57 a.m. · 2 views

WordPress Everest Forms Pro plugin <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field vulnerability

Unauthenticated Remote Code Execution via Calculation Field vulnerability discovered by hoshino in WordPress Plugin Everest Forms Pro versions <= 1.9.12...

CVSS 9.8 · AI score 6 · EPSS 0.00313
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2026/03/31 12:0 a.m. · 3 views

WordPress plugin Everest Forms Pro code injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 9.8 · AI score 6.2 · EPSS 0.00313
Exploits: 0 · References: 3
CNNVD
added 2026/02/03 12:0 a.m. · 3 views

ORICO NAS CD3510 security vulnerability

The ORICO NAS CD3510 is a personal storage device manufactured by ORICO Corporation. Versions of the ORICO NAS CD3510 prior to V1.9.12 contained security vulnerabilities. These vulnerabilities were caused by incorrect symbol link tracking, which could lead to the disclosure or tampering with the...

CVSS 6.1 · AI score 5.8 · EPSS 0.00015
Exploits: 1 · References: 1
EUVD
added 2026/02/03 12:0 a.m. · 1 views

EUVD-2025-206721

The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...

AI score 5.5 · EPSS 0.00015
Exploits: 1 · References: 1
Positive Technologies
added 2026/02/03 12:0 a.m. · 3 views

PT-2026-5970

Name of the Vulnerable Software and Affected Versions: ORICO NAS CD3510 versions V1.9.12 and below Description: The ORICO NAS CD3510 is affected by an Incorrect Symlink Follow issue. This allows attackers to potentially leak or modify the internal file system. An attacker can format a USB drive to...

CVSS 6.1 · AI score 5.5 · EPSS 0.00015
Exploits: 1 · References: 3
RedhatCVE
added 2025/12/10 9:16 p.m. · 3 views

CVE-2025-14224

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...

CVSS 9.8 · AI score 6.2 · EPSS 0.00378
Exploits: 1 · References: 1
RedhatCVE
added 2025/12/10 7:22 p.m. · 1 views

CVE-2025-14220

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVSS 5.3 · AI score 6.5 · EPSS 0.0005
Exploits: 0 · References: 1
NVD
added 2025/12/08 7:15 a.m. · 1 views

CVE-2025-14220

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVSS 5.3 · EPSS 0.0005
Exploits: 0 · References: 4
Vulnrichment
added 2025/12/08 6:32 a.m. · 3 views

CVE-2025-14220 ORICO CD3510 File Upload path traversal

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVSS 5.3 · AI score 6.3 · EPSS 0.0005
Exploits: 0 · References: 4
Cvelist
added 2025/12/08 6:32 a.m. · 26 views

CVE-2025-14220 ORICO CD3510 File Upload path traversal

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVSS 5.3 · EPSS 0.0005
Exploits: 0 · References: 4
EUVD
added 2025/12/08 6:32 a.m. · 3 views

EUVD-2025-201669

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVSS 5.3 · AI score 6.1 · EPSS 0.0005
Exploits: 0 · References: 5
CNNVD
added 2025/12/08 12:0 a.m. · 1 views

ORICO CD3510 path traversal vulnerability

The ORICO CD3510 is a networkable hard disk enclosure from ORICO. A path traversal vulnerability exists in the ORICO CD3510 version 1.9.12, which stems from a path traversal vulnerability in the file upload component...

CVSS 5.3 · AI score 5 · EPSS 0.0005
Exploits: 0 · References: 5
Patchstack
added 2025/12/05 8:51 a.m. · 3 views

WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions <= 1.9.11...

CVSS 6.1 · AI score 5.9 · EPSS 0.00029
Exploits: 0 · Affected Software: 1
Patchstack
added 2025/11/30 7:21 a.m. · 4 views

WordPress Cart Weight for WooCommerce plugin <= 1.9.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cart Weight for WooCommerce versions <= 1.9.11...

CVSS 5.3 · AI score 6.7 · EPSS 0.00038
Exploits: 0 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-10270

Malware in sbrugna...

CVSS 9.8 · AI score 8.5 · EPSS 0.00331
Exploits: 1 · References: 8
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-27834

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 6.4 · EPSS 0.00457
Exploits: 0 · References: 1
Patchstack
added 2025/08/22 12:0 a.m. · 6 views

WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control

Software: Spacious; Type: Theme; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9331; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: bca30fd3c674; Credits: Dmitrii Ignatyev; Required privilege...

CVSS 4.3 · AI score 6.9 · EPSS 0.00052
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2025/08/22 12:0 a.m. · 3 views

PT-2025-34340 · WordPress · Spacious

Name of the Vulnerable Software and Affected Versions: Spacious theme for WordPress versions prior to 1.9.12 Description: The Spacious theme for WordPress is susceptible to unauthorized data modification due to the absence of a capability check within the welcome notice import handler function...

CVSS 4.3 · AI score 7.2 · EPSS 0.00052
Exploits: 0 · References: 7
CNNVD
added 2025/06/11 12:0 a.m. · 1 views

RSJoomla! RSTickets! cross-site scripting vulnerability

RSJoomla! RSTickets! is a work order system from RSJoomla! A cross-site scripting vulnerability exists in RSJoomla! RSTickets! versions 1.9.12 through 3.3.0, which stems from stored cross-site scripting and could lead to a cross-site scripting attack...

CVSS 8.5 · AI score 5.9 · EPSS 0.0027
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 7:50 p.m. · 5 views

CVE-2021-34121

An Out of Bounds flaw was discovered in htmldoc 1.9.12 in function parsetree in toc.cxx; this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

CVSS 7.8 · AI score 6.6 · EPSS 0.00031
Exploits: 1 · References: 1