EUVD-2026-6122
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...
PT-2026-8315
Name of the Vulnerable Software and Affected Versions: Flos Freeware Notepad2 versions 4.2.22 through 4.2.25 Description: A security flaw exists in Flos Freeware Notepad2. The issue involves an uncontrolled search path within an unknown function in the Msimg32.dll library. Local access is required...
EUVD-2025-28181
Malicious code in bioql PyPI...
OPENSUSE-SU-2025:15268-1 python311-Django4-4.2.22-1.1 on GA media
These are all security issues fixed in the python311-Django4-4.2.22-1.1 package on the GA media of openSUSE Tumbleweed...
OESA-2025-1642 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 Content Management System. CWE is classifying the issue as CWE-117. The product does n...
CVE-2025-48261
CVE-2025-48261 is an information exposure issue in MultiVendorX (WordPress plugin) described as an insertion of sensitive information into sent data, allowing retrieval of embedded sensitive data. Affected releases range up to 4.2.22; multiple sources label the CVE with a CVSS v3.1 base score of ...
PT-2025-24522 · Unknown · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX versions through 4.2.22 Description: The issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: For versions through 4.2.22, update to a version later...
Django security vulnerability
Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django versions prior to 5.2.2, prior to 5.1.10, and prio...
CVE-2025-48263
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS. This issue affects MultiVendorX: from n/a through <= 4.2.22...
CVE-2025-48263 WordPress MultiVendorX plugin <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS. This issue affects MultiVendorX: from n/a through <= 4.2.22...
PT-2025-21974 · Unknown · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX versions through 4.2.22 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions throu...
CVE-2025-4101
The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'deletefpmproduct' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated...
WordPress plugin MultiVendorX – WooCommerce Multivendor Marketplace Solutions security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in WordPress plugin MultiVendorX -...
BigTree cross-site scripting vulnerability (CNVD-2018-10229)
Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL, from the US company Fastspot. A cross-site scripting vulnerability exists in the user management page in Fastspot BigTree versions prior to 4.2.22. The vulnerability can be exploited by a remote attacker to...
BigTree CMS < 4.2.22 XSS Vulnerability
BigTree CMS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Fastspot BigTree File Upload Vulnerability
Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL, from the US company Fastspot. site/index.php/admin/trees/add/ in Fastspot BigTree 4.2.22 and earlier versions has a security vulnerability; the vulnerability stems from core/inc/bigtree/apis/storage.php fi...
CVE-2018-10364
BigTree before 4.2.22 has XSS in the Users management page via the name or company field...
CVE-2018-10364
BigTree CMS
Code injection
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files...
Cross site scripting
An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action...