WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS

Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by unsanitized input in open-tab parameter in wp-admin/edit.php and wp-cta-variation-id parameter in ab-testing-call-to-action-example/, letting remote attackers inject arbitrary web script or HTML, exploit requires...

EUVD-2026-33910

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42685

The CVE-2026-42685 entry concerns the WordPress plugin WP Job Portal (versions up to 2.5.1). The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during page generation. Affected product: WP Job Portal. Root cause: insufficient input handlin...

CVE-2026-42685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42685 WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42684 WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42684 WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42684

CVE-2026-42684 affects WordPress WP Job Portal plugin versions up to 2.5.1. It is an SQL Injection due to improper neutralization of special elements in SQL commands, described as a blind SQL injection. According to the sources, the issue impacts the plugin in a network-inspired attack with high ...

PT-2026-45736

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.1...

FreeBSD : devel/ocaml-opam -- CWE-24 Path Traversal: '../filedir' (9b5d6fbb-4893-11f1-82bf-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9b5d6fbb-4893-11f1-82bf-3c7c3fba4204 advisory. https://github.com/ocaml/opam/releases/tag/2.5.1 reports: In OCaml opam before 2.5.1, a .install field...

Fedora 43 : opam (2026-42ff51d2c7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-42ff51d2c7 advisory. See https://github.com/ocaml/opam/releases/tag/2.5.1 for changes in version 2.5.1. Tenable has extracted the preceding description block directly from the...

VulnCheck KEV: CVE-2024-52490

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through = 2.5.1...

UBUNTU-CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

OPENSUSE-SU-2026:10568-1 opam-2.5.1-1.1 on GA media

These are all security issues fixed in the opam-2.5.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-41082

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...

devel/ocaml-opam -- CWE-24 Path Traversal: '../filedir'

https://github.com/ocaml/opam/releases/tag/2.5.1 reports: In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. Reported by Andrew Nesbitt...

OSEC-2026-03 opam install sandbox escape

Summary .install files do not validate whether they are inside the package area, and so can bypass sandboxing. Exploit In a package.install file, this installs a file as /.bashrc: bin: "payload.sh" "../../../.bashrc" Timeline - 2026-04-11: Anil forwarded the issue from Andrew Nesbitt to the OCaml...

JLSEC-2026-113 Deno is Vulnerable to Command Injection on Windows During Batch File Execution

Summary Deno versions up to 2.5.1 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. Details In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file .bat, .cmd, etc. is being executed even if the application does not specify it via the...

Tophat 操作系统命令注入漏洞

Tophat is a test tool open sourced by Shopify. Versions of Tophat prior to 2.5.1 contained an operating system command injection vulnerability. This vulnerability stemmed from uncleaned parameters, which could lead to remote code execution...