EUVD-2026-9699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through = 4.9.12...

CVE-2026-28037

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through = 4.9.12...

CVE-2026-28037 WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through = 4.9.12...

PT-2026-23319

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through = 4.9.12...

CVE-2025-63064

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...

CVE-2025-63064 WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...

CVE-2025-63064

CVE-2025-63064 concerns a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin EventON (versions

WordPress plugin EventON 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2025-18916

Malicious code in bioql PyPI...

CVE-2025-52552

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to...

CVE-2025-52552 FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to...

CVE-2025-52552

CVE-2025-52552 concerns FastGPT, where the LastRoute Parameter on the login page, in versions prior to 4.9.12, is vulnerable to open redirects and DOM-based XSS due to improper validation and lack of sanitization. This can allow an attacker to execute malicious JavaScript or redirect users to att...

CVE-2025-52552 FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to...

PT-2024-30831 · Unknown · Spiffy Calendar

Name of the Vulnerable Software and Affected Versions: Spiffy Calendar versions through 4.9.12 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

WordPress plugin Spiffy Calendar SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress Spiffy Calendar Plugin <= 4.9.11 is vulnerable to SQL Injection

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.11 Fixed in 4.9.12 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38692 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 21e2115ebd60 Credits Nguyễn Trung Kiên anhchangmutrang Required...

Catfishcms V4.9.12 has xss vulnerability

Catfish catfish CMS is open source and free PHP content management system. Catfishcms V4.9.12 has an xss vulnerability that can be exploited by attackers to gain administrative privileges in the backend...

Fedora 25 : kernel (2017-f519ebb3c4)

The 4.9.12 update contains a number of important fixesa cross the tree. This includes a fix for CVE-2017-6074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it...

Linux kernel local security bypass vulnerability (CNVD-2017-02602)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'doshmat' function in the ipc/shm.c file in Linux kernel versions 4.9.12 and earlier. A local attacker can exploit this vulnerability to...

[SECURITY] Fedora 25 Update: kernel-4.9.12-200.fc25

The kernel meta package...