CVE-2026-48865

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

EUVD-2026-33651

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

WordPress plugin LearnPress has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-45439

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...

CVE-2025-71242

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...

CVE-2025-71241

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

Linux Distros Unpatched Vulnerability : CVE-2025-71242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when...

Linux Distros Unpatched Vulnerability : CVE-2026-25128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0...

EUVD-2026-5026

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.3.6 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-rang...

Fast-XML-Parser security vulnerability

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. There are security vulnerabilities in the versions of fast-xml-parser from 4.3.6 to 5.3.3. These...

EUVD-2024-30262

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6...

[SECURITY] Fedora 43 Update: singularity-ce-4.3.6-1.fc43

SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure...

EUVD-2024-32465

Malicious code in bioql PyPI...

EUVD-2024-35398

Malicious code in bioql PyPI...

CVE-2024-32444

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6...

CVE-2024-32444

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through = 4.3.6...

CVE-2024-32444 WordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6...

CVE-2024-35637

Server-Side Request Forgery SSRF vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.3.6...

WordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by luc Patchstack in WordPress Theme RealHomes versions = 4.3.6...

SQL Injection

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to SQL Injection through the XMLDB editor tool. An attacker with administrative privileges can manipulate database queries and potentially access or modify data without proper authorization by injectin...