112 matches found
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...
CVE-2025-10736
The CVE-2025-10736 entry concerns the WordPress plugin “ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More.” All versions up to 2.2.10 are affected due to improper authorization checks in the userAccessibility() function, allowing unauthentic...
PT-2026-4018
Name of the Vulnerable Software and Affected Versions: CleverSoft Anon versions through 2.2.10. Description: A flaw exists in CleverSoft Anon anon2x that allows for Reflected Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. An attacker could...
EUVD-2025-203579
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yaad Sarig Payment Gateway For WC: from n/a through = 2.2.10...
CVE-2025-66131
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yaad Sarig Payment Gateway For WC: from n/a through <= 2.2.11...
CVE-2025-66131 WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yaad Sarig Payment Gateway For WC: from n/a through <= 2.2.11...
CVE-2025-66131
Technical details for CVE-2025-66131 (Yaad Sarig Payment Gateway for WC) are not provided in the connected documents. Public information about affected versions, root cause, impact, or fix is not available here; monitor for updates.
PT-2025-51419
Name of the Vulnerable Software and Affected Versions: Yaad Sarig Payment Gateway For WC versions through 2.2.10. Description: The Yaad Sarig Payment Gateway For WC contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue i...
WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Yaad Sarig Payment Gateway For WC versions <= 2.2.11...
cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +99 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.10.RELEASE <=3.1.10)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.10.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...
EUVD-2019-2148
Malware in sbrugna...
EUVD-2025-6245
Malicious code in bioql PyPI...
SUSE-SU-2025:01806-1 Security update for 389-ds
This update for 389-ds fixes the following issues: Security fixes: - CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: - Enable memory accounting as SUSE disables it by default bsc1241016. - Fix dsidm service getdn option failing...
CVE-2019-9693
In CMS Made Simple CMSMS before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2data.php via the functions updateshow parameter showid, inputshow parameter showid, Getshowinfo parameter showid, Getpictureinfo parameter pictureid, AdjustNameSeq parameter shownumber,...
CVE-2019-8149
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication...
WordPress plugin WPGet API code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress WPGet API plugin <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin WPGetAPI versions <= 2.2.10...
LTL Freight Quotes – SAIA Edition 2.2.10 SQL Injection Vulnerability
CVE-2024-13483 LTL Freight Quotes – SAIA Edition = 5.6 AND error-based - WHERE, HAVING...
CVE-2024-13483
The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
WordPress plugin LTL Freight Quotes SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...