18 matches found
CVE-2026-55677
Echo (Go framework) prior to 4.15.3 and 5.2.0 has a router vs static file handler decoding mismatch: the router uses the raw encoded path while StaticDirectoryHandler unescapes %2F to /, enabling bypass of route-level access controls to read static files without authorization. The vulnerability i...
CVE-2026-55677
Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...
CVE-2025-67549
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...
EUVD-2025-202097
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...
CVE-2025-67549
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...
CVE-2025-67549
CVE-2025-67549 affects the WordPress plugin oik up to version 4.15.3. Root cause: improper input neutralization during web page generation, enabling DOM-based XSS. Impact: DOM-based XSS with Low–Medium confidentiality, integrity, and availability effects (CVSS v3.1 base 6.5). Affected product: oik
WordPress plugin oik 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-49923
CVE-2025-67549 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik:… https://t.co/n89C6BHSeV...
WordPress oik Plugin <= 4.15.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin oik versions = 4.15.2...
CVE-2025-35939 Craft CMS stores user-provided content in session files
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
WordPress ProfilePress Plugin < 4.15.3 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...
WordPress MStore API plugin <= 4.15.3 - Unauthorized User Registration vulnerability
Unauthorized User Registration vulnerability discovered by wesley wcraft in WordPress Plugin MStore API versions = 4.15.3...
WordPress plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload
Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8242 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5f5d39cca07a Credits stealthcopter Required privilege...
WordPress ProfilePress Plugin <= 4.15.2 is vulnerable to Cross Site Scripting (XSS)
Software ProfilePress Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1535 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 06caa12c0913 Credits Arkadiusz Hydzik Required...
WordPress Matomo Analytics Plugin <= 4.15.3 is vulnerable to Cross Site Scripting (XSS)
Software Matomo Analytics Type Plugin Vulnerable versions = 4.15.3 Fixed in 5.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6923 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d69c8015e6ca Credits Felipe Restrepo...
SUSE: Security Advisory (SUSE-SU-2022:0283-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sierra Wireless AceManager Detection (HTTP)
HTTP based detection Sierra Wireless AceManager. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...