
40 matches found

EUVD
added 2026/05/20 12:31 a.m., 8 views

EUVD-2026-30992

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

AI score: 5.8, EPSS: 0.00054
Exploits: 0, References: 2
Cvelist
added 2026/05/19 10:29 p.m., 28 views

CVE-2026-8495 Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

EPSS: 0.00054
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 5 views

Drupal Date iCal security vulnerability

Drupal Date iCal is a Drupal calendar export module developed by the Drupal company. Versions of Drupal Date iCal prior to 4.0.15 contained security vulnerabilities, which were due to lack of authorization and could lead to forced browsing...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00054
Exploits: 0, References: 1
Patchstack
added 2025/12/31 12:0 a.m., 3 views

WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion vulnerability

WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Whydonate versions <= 4.0.15...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00109
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/12/30 3:54 p.m., 2 views

CVE-2025-68951

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an...

CVSS: 6.1, AI score: 6, EPSS: 0.00024
Exploits: 0, References: 1
EUVD
added 2025/12/29 10:12 p.m., 1 views

EUVD-2025-205601

phpMyFAQ has Stored XSS in user list via admin-managed displayname...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00024
Exploits: 0, References: 4
NVD
added 2025/12/29 4:15 p.m., 1 views

CVE-2025-68951

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an...

CVSS: 6.1, EPSS: 0.00024
Exploits: 0, References: 3
EUVD
added 2025/10/22 3:31 p.m., 1 views

EUVD-2025-35551

Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Whydonate: from n/a through <= 4.0.15...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00058
Exploits: 0, References: 2
NVD
added 2025/10/22 3:15 p.m., 1 views

CVE-2025-49899

Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Whydonate: from n/a through <= 4.0.15...

CVSS: 5.3, EPSS: 0.00058
Exploits: 0, References: 1
Positive Technologies
added 2025/10/22 12:0 a.m., 1 views

PT-2025-43171

Name of the Vulnerable Software and Affected Versions: Whydonate versions through 4.0.15 Description: A missing authorization flaw exists in Whydonate, potentially allowing access to functionality that should be restricted by Access Control Lists (ACLs). This could allow unauthorized access to certai...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00058
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-35067

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00156
Exploits: 0, References: 1
NVD
added 2025/02/16 11:15 p.m., 9 views

CVE-2025-26768

Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS. This issue affects what3words Address Field: from n/a through <= 4.0.15...

CVSS: 7.1, EPSS: 0.00065
Exploits: 0, References: 1
CVE
added 2025/02/16 10:17 p.m., 68 views

CVE-2025-26768

CVE-2025-26768 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin what3words Address Field (versions up to 4.0.15). The issue allows stored cross-site scripting via CSRF, affecting the plugin’s Address Field from “n/a through 4.0.15.” The associated CVSS 3.1 base score is 7.1 (HIGH): v...

CVSS: 7.1, AI score: 7.1, EPSS: 0.00065
Exploits: 0, References: 1
Positive Technologies
added 2025/02/16 12:0 a.m., 3 views

PT-2025-7229 · What3Words · What3Words Address Field

Name of the Vulnerable Software and Affected Versions: what3words Address Field versions n/a through 4.0.15 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the what3words Address Field. This means an attacker can perform unauthorized actions on ...

CVSS: 7.1, AI score: 9.1, EPSS: 0.00065
Exploits: 0, References: 6
Patchstack
added 2025/02/14 1:50 p.m., 3 views

WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin what3words Address Field versions <= 4.0.15...

CVSS: 7.1, AI score: 6.2, EPSS: 0.00065
Exploits: 0, Affected Software: 1
NVD
added 2024/09/25 3:15 p.m., 14 views

CVE-2024-22892

OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords...

CVSS: 7.5, EPSS: 0.00176
Exploits: 0, References: 1
OSV
added 2024/09/25 3:15 p.m., 2 views

PYSEC-2024-290

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00333
Exploits: 0, References: 1
OSV
added 2024/09/25 3:15 p.m., 1 views

PYSEC-2024-99

OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00176
Exploits: 0, References: 1
CNNVD
added 2024/09/25 12:0 a.m., 2 views

OpenSlides security vulnerability

OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in OpenSlides version 4.0.15 that originates from validating a password by comparing the...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00333
Exploits: 0, References: 2
Positive Technologies
added 2024/09/25 12:0 a.m., 2 views

PT-2024-19601 · Unknown · Openslides

Name of the Vulnerable Software and Affected Versions: OpenSlides version 4.0.15 Description: The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00333
Exploits: 0, References: 7