Emlog Pro 安全漏洞

Emlog Pro is an open-source blog system developed by Emlog. Version 2.6.9 of Emlog Pro contains a security vulnerability, which stems from a path traversal vulnerability in the template upload function. This vulnerability allows authenticated administrators to execute arbitrary PHP code. By...

GHSA-GGXF-37HM-9WQF instagrapi: Unsafe signup challenge path handling in instagrapi

instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...

CVE-2025-67551

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wappointment team Wappointment wappointment allows Stored XSS.This issue affects Wappointment: from n/a through = 2.6.9...

CVE-2025-67551 WordPress Wappointment plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wappointment team Wappointment wappointment allows Stored XSS.This issue affects Wappointment: from n/a through = 2.6.9...

CVE-2025-67551

CVE-2025-67551 affects WordPress Wappointment plugin (

📄 Exclusive Addons for Elementor 2.6.9 Cross Site Scripting

Exclusive Addons for Elementor versions 2.6.9 and below proof of concept that demonstrates a stored cross site scripting vulnerability. ============================================================================================================================================= | Title : Exclusive...

WordPress Wappointment plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Wappointment versions = 2.6.9...

EUVD-2013-4093

Malware in sbrugna...

EUVD-2018-5330

Malware in sbrugna...

EUVD-2025-26211

Malicious code in bioql PyPI...

EUVD-2024-49579

Malicious code in bioql PyPI...

CVE-2025-9602

A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

CVE-2025-9602

Xinhu RockOA versions up to 2.6.9 are affected by an improper authorization vulnerability in the publicsaveAjax function of /index.php. The issue allows remote manipulation and has publicly disclosed exploit material. Remediation is to upgrade to a version beyond 2.6.9 (or applying available patc...

CVE-2025-9602 Xinhu RockOA index.php publicsaveAjax improper authorization

A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

Xinhu RockOA 安全漏洞

Xinhu RockOA is an office OA system of China Xinhu Xinhu Company. A security vulnerability exists in Xinhu RockOA 2.6.9 and earlier versions, which originates from an improper authorization issue in the publicsaveAjax function in file/index.php...

PT-2025-35167

Name of the Vulnerable Software and Affected Versions: Xinhu RockOA versions up to 2.6.9 Description: A vulnerability exists in Xinhu RockOA that allows for improper authorization due to manipulation of the publicsaveAjax function within the /index.php file. This issue is potentially exploitable...

Linux Distros Unpatched Vulnerability : CVE-2013-4158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smokeping before 2.6.9 has XSS incomplete fix for CVE-2012-0790 CVE-2013-4158 Note that Nessus relies on the presence of the package as reported by the vendor...

WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.2...

CVE-2024-30232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9...

CVE-2021-30181

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...