247 matches found
CVE-2025-58017
CVE-2025-58017 is a Stored XSS vulnerability in Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor (Ultimate Store Kit Elementor Addons). The issue arises from improper input neutralization during web page generation, enabling stored cross-site scripting in affected pages. Affected ver...
org.apache.kafka:kafka-perf_2.8.2 (>=0.8.0 <=0.8.0-beta1), org.apache.nifi:nifi-kafka-nar (>=0.0.1-incubating <=0.3.0) +1 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.8.2 (>=0.8.0-beta1 <=0.8.1)
org.apache.kafka:kafka2.8.2 MAVEN version =0.8.0-beta1, =0.8.0, =0.0.1-incubating, =0.0.1-incubating, =0.3.0 Source cves: CVE-2025-27819 Source advisory: OSV:GHSA-MCWH-C9PG-XW43...
WordPress plugin BNS Featured Category 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
CVE-2023-45103
Cross-Site Request Forgery CSRF vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...
CVE-2022-24782
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the stable branch, 2.9.0.beta3 and prior in the beta branch, and 2.9.0.beta3 and prior in the tests-passed branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to catego...
CVE-2021-43963
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...
CVE-2021-34544
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not...
CVE-2020-11037
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is...
CVE-2018-20853
An issue was discovered in the MailPoet Newsletters aka wysija-newsletters plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks...
CVE-2025-39472
Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...
CVE-2025-39472
CVE-2025-39472 corresponds to a CSRF vulnerability in the WPWooCommerce Social Login plugin (WooCommerce Social Login). Affected versions are 2.8.2 and earlier; the issue arises from Cross-Site Request Forgery that could allow unauthorized actions on behalf of a user. The fix is to upgrade to ver...
CVE-2025-39472 WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...
Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to denial of service due to Node.js, isaacs node-tar, ShowdownJS
Summary IBM Fusion HCI and IBM Fusion's graphical user interface are vulnerable to a denial of service due to Node.js, isaacs node-tar, and ShowdownJS. CVE-2024-4068, CVE-2024-28863, CVE-2024-1899. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...
CVE-2024-22315
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection...
PT-2024-36795 · Unknown · Onyxia-Api
Name of the Vulnerable Software and Affected Versions: Onyxia-API versions prior to 2.8.2 Onyxia-API versions prior to 3.1.1 Onyxia-API versions prior to 4.2.0 Description: This issue allows authenticated users to remotely execute code within the Onyxia-API, potentially leading to unauthorized...
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server...
WordPress Category Ajax Filter plugin <= 2.8.2 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Le Ngoc Anh in WordPress Plugin Category Ajax Filter versions = 2.8.2...
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server...
WordPress plugin Category Ajax Filter 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
WordPress XT Floating Cart for WooCommerce plugin <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin XT Floating Cart for WooCommerce versions = 2.8.2...