303 matches found
CVE-2025-49891
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through = 1.3.3...
CVE-2025-49891 WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through = 1.3.3...
CVE-2025-49891
CVE-2025-49891 is a SQL Injection vulnerability in the WordPress plugin Uxper Booking (uxper-booking) , allowing Blind SQL Injection. It affects versions up to and including 1.3.3 . The issue stems from improper neutralization of input in SQL commands, with CVSS 3.1 vector indicating network atta...
CVE-2025-49891 WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in riotweb Contact Info Widget allows Stored XSS. This issue affects Contact Info Widget: from n/a through 2.6.2...
WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Contact Info Widget versions = 2.6.2...
Linux Distros Unpatched Vulnerability : CVE-2025-32802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root...
Linux Distros Unpatched Vulnerability : CVE-2025-32803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through...
VulnCheck KEV: CVE-2025-30567
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through = 2.6.2...
CVE-2025-24798 Meshtastic crashes via an unimplemented routing module reply
Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains wantresponse==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This...
Meshtastic device firmware 安全漏洞
Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in Meshtastic device firmware version 1.2.1 through versions prior to 2.6.2, which stems from a possible crash when th...
DEBIAN-CVE-2025-32803
In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...
PT-2025-23105
Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common...
CVE-2024-29101
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2...
CVE-2024-1326
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and abo...
CVE-2024-54323
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through = 2.6.2...
CVE-2023-47519
Cross-Site Request Forgery CSRF vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2...
CVE-2023-32580
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPExperts Password Protected plugin = 2.6.2 versions...
CVE-2023-36517
Cross-Site Request Forgery CSRF vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...
CVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets...
CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...