32 matches found
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x through 2.2.17 via crafted data array to the data function in BuildHelper.php...
PT-2026-36489
Name of the Vulnerable Software and Affected Versions: MixPHP Framework versions 2.x through 2.2.17 Description: An unsafe deserialization issue exists where the session and cache handlers utilize the unserialize function on data retrieved from Redis within the RedisHandler object. Recommendations: ...
CVE-2024-58342 XenForo Open Redirect via getDynamicRedirect
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host...
CVE-2024-58342
XenForo Open Redirect (CVE-2024-58342): Affected: XenForo pre-2.2.17 and pre-2.3.1. Root cause: the getDynamicRedirect() path does not adequately validate the redirect target, allowing an open redirect via specially crafted URLs (including newlines, user credentials, or host mismatches). Impact: ...
WordPress Quick View for WooCommerce plugin <= 2.2.17 - Unauthenticated Private Product Disclosure vulnerability
Unauthenticated Private Product Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Quick View for WooCommerce versions <= 2.2.17...
WordPress plugin Quick View for WooCommerce information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An information...
EUVD-2025-19923
Malicious code in bioql PyPI...
WordPress plugin WP Human Resource Management security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Intelbras RX1500 Router security vulnerability
Intelbras RX1500 Router is a router from Intelbras, Brazil. A security vulnerability exists in Intelbras RX1500 Router v2.2.17 and earlier versions, which stems from an integer overflow in the websReadEvent function when processing http headers, which may result in an array out-of-bounds...
CVE-2025-50404
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array...
PT-2025-27547 · Intelbras · Intelbras Rx1500 Router
Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 Router versions prior to 2.2.17 Description: The vulnerability resides in the FirmwareUpload and GetFirmwareValidation functions due to improper access control. Exploitation may allow a remote attacker to gain unauthorized...
PT-2025-27546 · Intelbras · Intelbras Rx1500 Router
Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 Router versions 2.2.17 and earlier Description: An integer overflow exists in the websReadEvent function when processing the command field of the HTTP header. This can allow a remote attacker to execute arbitrary code or caus...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-005)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2HAPROXY2-2023-005 advisory. A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensur...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-007)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-007 advisory. HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7...
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function...
CMS Made Simple cross-site scripting vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) by Cmsms team. The system supports role-based rights management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple v2.2.17, whic...
Jenkins Plugin Fogbugz security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Incorrect Authorization in Jenkins requests-plugin
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...
PT-2022-22333 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.16 and earlier Description: An incorrect permission check in the Jenkins requests-plugin Plugin allows attackers with Overall/Read permission to view the list of pending requests. This issue is...