98 matches found
CVE-2026-39438
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
CVE-2026-9509 Uncaught exception vulnerability in Suprema's BioStar
An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...
CVE-2026-9509
CVE-2026-9509 affects Suprema BioStar 2 Server (versions 2.9.8, 2.9.10, 2.9.11). An unhandled exception triggered by unauthenticated HTTP POST requests to the /api/migration endpoint can cause a denial of service, halting critical processes and leaving the system offline until services or the ser...
CVE-2026-44183
CVE-2026-44183 affects Cleanuparr prior to 2.9.10. The vulnerability arises because TrustedNetworkAuthenticationHandler.ResolveClientIp uses the leftmost entry of the X-Forwarded-For header as the client IP, which is attacker-controlled since X-Forwarded-For is append-only. An unauthenticated rem...
PT-2026-40330
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...
VulnCheck KEV: CVE-2025-64377
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.10...
WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin ListingPro versions = 2.9.10...
CVE-2025-64378
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through 2.9.10...
EUVD-2025-204056
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through 2.9.10...
CVE-2025-64376
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through 2.9.10...
CVE-2025-64377
CVE-2025-64377 is a Local File Inclusion vulnerability in the WordPress ListingPro theme for versions prior to 2.9.10, caused by improper filename control in include/require statements in PHP. The issue affects ListingPro: from n/a through
CVE-2025-64378 WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through 2.9.10...
CVE-2025-64376 WordPress ListingPro theme < 2.9.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through 2.9.10...
CVE-2025-64377 WordPress ListingPro theme < 2.9.10 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.10...
CVE-2025-64378
CVE-2025-64378 describes a Missing Authorization vulnerability in the WordPress ListingPro theme (ListingPro) prior to version 2.9.10. The root cause is misconfigured access control security levels that allow exploitation without user interaction, leading to potential elevation of privileges or u...
CVE-2025-64376
CVE-2025-64376 affects the WordPress ListingPro theme (and ListingPro listings) prior to version 2.9.10. The root cause is improper neutralization of input during web page generation, allowing Reflected XSS. The entry cites a CVSS v3.1 base score of 7.1 (HIGH) with network access, low attack comp...
WordPress plugin ListingPro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-52190
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.10...
WordPress plugin ListingPro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-52191
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through 2.9.10...