159 matches found
CVE-2026-42726
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
CVE-2026-42726
CVE-2026-42726 describes a Missing Authorization / Broken Access Control in the WordPress plugin AWP Classifieds (versions
EUVD-2026-32178
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
PT-2026-43638
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect
NPM: Nuxt: Reflected XSS in navigateTo external redirect vulnerability discovered by ? in WordPress Npm nuxt versions = 3.4.3, = 3.21.5...
WordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by she11f in WordPress Plugin AWP Classifieds versions = 4.4.5...
EUVD-2026-27188
The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2026-5100
The CVE-2026-5100 entry concerns the WordPress AWP Classifieds plugin up to v4.4.5, vulnerable to SQL Injection via the regions parameter array keys due to insufficient escaping and lack of prepared statements. The issue allows unauthenticated attackers to append additional SQL to existing querie...
PT-2026-36953
Name of the Vulnerable Software and Affected Versions AWP Classifieds versions prior to 4.4.6 Description Insufficient escaping of user-supplied parameters and lack of proper preparation in SQL queries allow unauthenticated attackers to append additional SQL queries. This issue occurs via the...
GHSA-22M3-C7VP-49FJ IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
Impact An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...
CVE-2025-71244 SPIP < 4.4.5 Open Redirect via Login Form
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
CVE-2025-71244
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
CVE-2026-24490
MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...
CVE-2026-24490 MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...
WordPress plugin EduMall 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2021-1408
Malware in sbrugna...
EUVD-2022-50185
Malicious code in bioql PyPI...
EUVD-2023-46154
Malicious code in bioql PyPI...
EUVD-2022-38858
Malicious code in bioql PyPI...
EUVD-2022-38857
Malicious code in bioql PyPI...