217 matches found
WordPress plugin WaveSurfer-WP 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-25526
CVE-2026-25526 affects JinJava, a Java-based template engine that renders Jinja-like templates. The vulnerability allows arbitrary Java execution via bypass through the ForTag, enabling instantiation of arbitrary Java classes and filesystem access, bypassing sandbox restrictions. Red Hat and othe...
CVE-2026-25526
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...
EUVD-2026-5336
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...
HubSpot Jinjava 安全漏洞
HubSpot Jinjava is an application developed by a personal developer at HubSpot in the United States. It provides a Java-based template engine and Django template syntax, suitable for rendering Jinja templates. There were security vulnerabilities in versions of HubSpot Jinjava prior to 2.7.6 and...
PT-2026-6313
Name of the Vulnerable Software and Affected Versions JinJava versions prior to 2.7.6 JinJava versions prior to 2.8.3 Description JinJava is a Java-based template engine that uses django template syntax to render jinja templates. A flaw exists in the ForTag component that allows for arbitrary Jav...
CVE-2025-68015
Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.5...
CVE-2025-68015
Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.5...
CVE-2025-68015
CVE-2025-68015 — WordPress Event Tickets with Ticket Scanner is a code injection vulnerability in Vollstart Event Tickets with Ticket Scanner. Public sources in the Connected set confirm the issue affects Event Tickets with Ticket Scanner, specifically versions up to and including 2.8.3 (n/a thro...
CVE-2025-68015
Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.3...
WordPress Plugin Event Tickets with Ticket Scanner: Code Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
MiracleLinux 4 : libarchive-2.8.3-7.AXS4 (AXSA:2016-659:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-659:01 advisory. Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, severa...
CVE-2016-10513
Cross Site Scripting XSS exists in Piwigo before 2.8.3 via a crafted search expression to include/functionssearch.inc.php...
CVE-2020-24627
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches versions: G2 4x1Ex32 Prior to 2.8.3...
CVE-2025-1802
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘markertitle’, 'notificationcontent', and 'sttbuttontext' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...
EUVD-2025-35536
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through = 2.8.3...
CVE-2025-49922
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through = 2.8.3...
CVE-2025-49922 WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through = 2.8.3...
EUVD-2016-1277
Malware in sbrugna...
EUVD-2021-2153
Malware in sbrugna...