23 matches found

Vulnrichment
added 2025/12/24 1:10 p.m., 2 views

CVE-2025-68605 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23...

CVSS 6.5 · AI score 5.2 · EPSS 0.00029
Exploits: 0 · References: 1

Cvelist
added 2025/12/24 1:10 p.m., 29 views

CVE-2025-68605 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23...

CVSS 6.5 · EPSS 0.00029
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53292

Name of the Vulnerable Software and Affected Versions: PickPlugins Post Grid and Gutenberg Blocks versions through 2.3.18 Description: The Post Grid and Gutenberg Blocks software contains a flaw due to improper input neutralization during web page generation, leading to a potential cross-site...

CVSS 5.4 · AI score 5.2 · EPSS 0.00029
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-33593

Malicious code in bioql PyPI...

CVSS 5 · AI score 5 · EPSS 0.00338
Exploits: 0 · References: 5

RedhatCVE
added 2025/02/06 3:57 a.m., 5 views

CVE-2021-39165

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

CVSS 8.1 · AI score 7.6 · EPSS 0.80411
Exploits: 2 · References: 1

OSV
added 2024/11/15 5:15 p.m., 6 views

CVE-2024-50655

emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles...

CVSS 5.4 · AI score 6.5 · EPSS 0.00438
Exploits: 1 · References: 2

CNNVD
added 2024/11/15 12:0 a.m., 1 views

emlog security vulnerability

emlog is a PHP and MySQL based CMS website builder by emlog's individual developers. A security vulnerability exists in emlog version 2.3.18 and prior versions. An attacker can exploit the vulnerability to write malicious JavaScript code in published posts...

CVSS 5.4 · AI score 6.9 · EPSS 0.00438
Exploits: 1 · References: 2

Positive Technologies
added 2024/11/15 12:0 a.m., 2 views

PT-2024-34383 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: emlog pro versions 2.3.18 and earlier Description: The issue allows attackers to write malicious JavaScript code in published articles, potentially leading to Cross Site Scripting (XSS) attacks. Recommendations: For emlog pro versions 2.3.18 an...

CVSS 5.4 · AI score 6.4 · EPSS 0.00438
Exploits: 1 · References: 6

Cvelist
added 2024/11/15 12:0 a.m., 13 views

CVE-2024-50655

emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles...

EPSS 0.00438
Exploits: 1 · References: 2

ATTACKERKB
added 2022/06/02 12:15 a.m., 0 views

CVE-2022-29236

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

CVSS 4.3 · AI score 5.8 · EPSS 0.00354
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2022/06/02 12:15 a.m., 9 views

CVE-2022-29236

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

CVSS 4.3 · EPSS 0.00354
Exploits: 0 · References: 5

ATTACKERKB
added 2022/06/02 12:15 a.m., 1 views

CVE-2022-29235

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp...

CVSS 5.3 · AI score 5.7 · EPSS 0.00544
Exploits: 0 · References: 6 · Affected Software: 1

Cvelist
added 2022/06/01 11:25 p.m., 12 views

CVE-2022-29236 Improper access control for pencil annotations in BigBlueButton

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

CVSS 4.3 · AI score 4.8 · EPSS 0.00354
Exploits: 0 · References: 5

OSV
added 2022/06/01 11:15 p.m., 11 views

CVE-2022-29233 Improper access control for breakout rooms in BigBlueButton

BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather th...

CVSS 4.3 · AI score 5 · EPSS 0.00338
Exploits: 0 · References: 7

GithubExploit
added 2022/03/15 6:14 p.m., 705 views

Exploit for Improper Authentication in Cachethq Cachet

CVE-2021-39165 This Python script allows to exploi...

CVSS 8.1 · AI score 7.2 · EPSS 0.80411
Exploits: 2

OSV
added 2021/08/30 4:12 p.m., 330 views

GHSA-79MG-4W23-4FQC Unauthenticated SQL Injection in Cachet

Impact: In Cachet versions through 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. Patches: The original reposito...

CVSS 8.1 · AI score 7.4 · EPSS 0.80411
Exploits: 2 · References: 3

Prion
added 2021/08/26 9:15 p.m., 18 views

SQL injection

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTrait#scopeSearch(). Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

CVSS 5 · AI score 6.7 · EPSS 0.80411
Exploits: 2 · References: 2 · Affected Software: 1

CVE
added 2021/08/26 8:25 p.m., 137 views

CVE-2021-39165

Cachet

CVSS 8.1 · AI score 7 · EPSS 0.80411
Exploits: 2 · References: 2 · Affected Software: 1

CNNVD
added 2021/08/26 12:0 a.m., 1 views

Github Cachet SQL injection vulnerability

Github Cachet is a software application. An open source status page system. A SQL injection vulnerability exists in versions prior to Cachet 2.3.18, which can be exploited by unauthenticated attackers to steal sensitive data such as administrator passwords and sessions from the database...

CVSS 8.1 · AI score 7.3 · EPSS 0.80411
Exploits: 2 · References: 2

CNNVD
added 2021/05/11 12:0 a.m., 2 views

Jenkins Credentials Plugin cross-site scripting vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...

CVSS 6.1 · AI score 5.5 · EPSS 0.0031
Exploits: 0 · References: 13