19 matches found

EUVD
added 2026/05/08 2:33 p.m. · 31 views

EUVD-2026-28649

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

CVSS 7.8 · AI score 6.6 · EPSS 0.00191
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-29991

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.5 · EPSS 0.01357
Exploits: 1 · References: 3

RedhatCVE
added 2025/02/06 2:6 a.m. · 7 views

CVE-2022-25305

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

CVSS 7.2 · AI score 6 · EPSS 0.81157
Exploits: 1 · References: 1

Positive Technologies
added 2023/02/01 12:0 a.m. · 3 views

PT-2023-7312 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions 13.1.5 through 17.0.0 Description: A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or potentially execute arbitrary code. In appliance mode...

CVSS 8.5 · AI score 8.5 · EPSS 0.72646
Exploits: 0 · References: 7

OSV
added 2022/05/05 5:15 p.m. · 2 views

CVE-2022-28695

On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows...

CVSS 7.2 · AI score 7.2 · EPSS 0.00825
Exploits: 0 · References: 1

OSV
added 2022/02/24 7:15 p.m. · 3 views

CVE-2022-25306

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...

CVSS 6.1 · AI score 6.3 · EPSS 0.01357
Exploits: 1 · References: 3

OSV
added 2022/02/24 7:15 p.m. · 3 views

CVE-2022-25305

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

CVSS 6.1 · AI score 5.7 · EPSS 0.81157
Exploits: 1 · References: 3

OSV
added 2022/02/24 7:15 p.m. · 4 views

CVE-2022-25149

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

CVSS 7.5 · AI score 5.8 · EPSS 0.77956
Exploits: 1 · References: 3

OSV
added 2022/02/24 7:15 p.m. · 2 views

CVE-2022-25148

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

CVSS 9.8 · AI score 7.2 · EPSS 0.81363
Exploits: 4 · References: 4

NVD
added 2022/02/24 7:15 p.m. · 14 views

CVE-2022-25305

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

CVSS 7.2 · EPSS 0.81157
Exploits: 1 · References: 3

OSV
added 2022/02/24 7:15 p.m. · 4 views

CVE-2022-0651

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

CVSS 7.5 · AI score 7.2 · EPSS 0.3298
Exploits: 1 · References: 3

Prion
added 2022/02/24 7:15 p.m. · 15 views

Cross site scripting

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...

CVSS 4.3 · AI score 6 · EPSS 0.01357
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2022/02/24 7:15 p.m. · 16 views

Cross site scripting

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when sit...

CVSS 4.3 · AI score 6 · EPSS 0.01357
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2022/02/24 6:27 p.m. · 5 views

CVE-2022-25305 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via IP

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

CVSS 7.2 · AI score 6.1 · EPSS 0.81157
Exploits: 1 · References: 3

CNNVD
added 2022/02/24 12:0 a.m. · 2 views

WordPress plugin WP Statistics cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress WP Statistics plugin 13.1.5 and earlier versions have a cross-site scripting vulnerability that can be exploited...

CVSS 7.2 · AI score 5.5 · EPSS 0.01357
Exploits: 1 · References: 4

Positive Technologies
added 2022/02/24 12:0 a.m. · 5 views

PT-2022-17099 · WordPress · Wp Statistics

Name of the Vulnerable Software and Affected Versions: WP Statistics versions up to and including 13.1.5 Description: The issue is related to SQL Injection due to insufficient escaping and parameterization of the current page id parameter found in the /includes/class-wp-statistics-hits.php file...

CVSS 9.8 · AI score 8.7 · EPSS 0.81363
Exploits: 4 · References: 8

Tenable Nessus
added 2022/01/19 12:0 a.m. · 33 views

F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF REST API endpoint vulnerability (K08402414)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K08402414 advisory. - On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1,...

CVSS 4.3 · AI score 5.3 · EPSS 0.00739
Exploits: 0 · References: 2

Tenable Nessus
added 2021/11/09 12:0 a.m. · 205 views

F5 Networks BIG-IP : BIND vulnerability (K77326807)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.5 / 15.1.6 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K77326807 advisory. In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1...

CVSS 5.3 · AI score 6.2 · EPSS 0.12899
Exploits: 0 · References: 2

CNVD
added 2019/10/23 12:0 a.m. · 2 views

Adobe Media Encoder Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2019-39589)

Adobe Media Encoder is a video and audio encoding application. An out-of-bounds read information disclosure vulnerability exists in the parsing of MOV files in versions prior to Adobe Media Encoder 13.1.5. The vulnerability stems from a lack of proper validation of user-supplied data. An attacker...

AI score 6.6
Exploits: 0 · References: 1