124 matches found
Wireshark 2.2.x < 2.2.14 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 2.2.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.14 advisory. - The MP4 dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto...
CVE-2025-14283
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
CVE-2025-14283
CVE-2025-14283 - BlockArt Blocks (WordPress plugin) : A stored XSS vulnerability in BlockArt Counter is caused by insufficient input sanitization and output escaping on user-supplied attributes. It affects BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections &...
CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and outpu...
PT-2025-50562
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect url as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
Miniflux Input Validation Error Vulnerability
Miniflux is a minimalist feed reader open-sourced by Miniflux. An input validation error vulnerability exists in Miniflux 2 2.2.14 and earlier versions, which stems from insufficient redirect URL validation and could lead to a post-login phishing attack...
WordPress BlockArt Blocks plugin <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute vulnerability discovered by Farhan Dio Arrafiq in WordPress Plugin BlockArt Blocks versions <= 2.2.13...
EUVD-2008-3811
Malware in sbrugna...
EUVD-2025-28203
Malicious code in bioql PyPI...
EUVD-2024-17275
Malicious code in bioql PyPI...
Important: pcs
Issue Overview: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to se...
WordPress plugin Kids Planet Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2020-22732
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions File Picker...
CVE-2020-23240
Cross-Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature...
WordPress Kids Planet Theme <= 2.2.14 is vulnerable to PHP Object Injection
Software: Kids Planet; Type: Theme; Vulnerable versions: <= 2.2.14; Fixed in: 2.2.14.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-48289; Patch priority: High; CVSS severity: High (9.8); PSID: bcc60af9dea2; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
DEBIAN-CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
Rack Security Vulnerability
Rack is a modular Ruby web server interface open-sourced by Rack. A security vulnerability exists in versions of Rack prior to 2.2.14 that stems from a session recovery issue that could lead to an unauthorized user occupying a session...
Rack Security Vulnerability
Rack is a modular Ruby web server interface open-sourced by Rack. A security vulnerability exists in Rack versions prior to 2.2.14, 3.0.16, and 3.1.14, which stems from Rack::QueryParser parsing a query string without limiting the number of parameters, which could lead to a denial-of-service atta...
WordPress School Management System – WPSchoolPress plugin <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection vulnerability
Authenticated (Student/Parent+) SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin WPSchoolPress versions <= 2.2.14...