152 matches found

RedhatCVE
added 3 days ago | 4 views

CVE-2026-42748

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server. This issue affects WPify Woo Czech: from n/a through <= 5.4.1...

CVSS 9.9 | AI score 5.4 | EPSS 0.00047
Exploits: 0 | References: 1

EUVD
added 2026/05/27 9:49 a.m. | 6 views

EUVD-2026-32197

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server. This issue affects WPify Woo Czech: from n/a through <= 5.4.1...

CVSS 9.9 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/27 12:0 a.m. | 6 views

PT-2026-43657

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server. This issue affects WPify Woo Czech: from n/a through <= 5.4.1...

CVSS 9.9 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 2

Snyk
added 2026/05/26 11:55 p.m. | 4 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the pages.access permission check during the rendering process of page drafts. An attacker can gain unauthorized access to sensitive page draft content by authenticating as a user without the required permission...

CVSS 6 | AI score 5.8
Exploits: 0 | References: 2

RedhatCVE
added 2026/05/06 8:21 p.m. | 3 views

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

CVSS 5.9 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 1

EUVD
added 2026/04/27 7:36 p.m. | 2 views

EUVD-2026-25910

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

CVSS 8.8 | AI score 5.2 | EPSS 0.00064
Exploits: 1 | References: 6

CVE
added 2026/02/27 3:54 a.m. | 23 views

CVE-2026-28364

CVE-2026-28364 affects OCaml runtimes prior to 4.14.3 and 5.x prior to 5.4.1. The issue is a buffer over-read in Marshal deserialization (runtime/intern.c) caused by missing bounds validation in readblock(), which uses unbounded memcpy() calls with attacker-controlled lengths from crafted Marshal...

CVSS 7.9 | AI score 6.7 | EPSS 0.00051
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/09 12:0 a.m. | 2 views

Adminer Input Validation Error Vulnerability

Adminer is an open-source WordPress plugin developed by Adminer. It allows WordPress administrators to perform database management tasks quickly. Versions of Adminer prior to 5.4.1 had a vulnerability related to input validation errors. This vulnerability stemmed from a lack of source verificatio...

CVSS 7.5 | AI score 5.8 | EPSS 0.04457
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000394)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000394 advisory. The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58...

CVSS 4.7 | AI score 6.5 | EPSS 0.00029
Exploits: 0 | References: 4

OpenVAS
added 2026/01/07 12:0 a.m. | 2 views

Joomla! XSS Vulnerability (20260102)

Joomla! is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

CVSS 8.4 | AI score 4.7 | EPSS 0.00003
Exploits: 0 | References: 1

OpenVAS
added 2025/11/12 12:0 a.m. | 5 views

QNAP Photo Station XMR Mining Vulnerability (NAS-201705-04)

QNAP Photo Station is prone to a vulnerability related to XMR mining programs. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 | AI score 5.3 | EPSS 0.00073
Exploits: 0 | References: 1

NVD
added 2025/11/11 10:15 a.m. | 3 views

CVE-2017-20210

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...

CVSS 9.8 | EPSS 0.00073
Exploits: 0 | References: 1

CVE
added 2025/11/11 9:45 a.m. | 8 views

CVE-2017-20210

This CVE concerns QNAP Photo Station. Affected software: Photo Station versions 5.4.1 and 5.2.7. Root cause: related to XMR mining programs; vendors indicate a security fix is included in these versions. Impact and exploitation details are not provided in the documents beyond the XMR-mining assoc...

CVSS 9.8 | AI score 6.4 | EPSS 0.00073
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/11/11 12:0 a.m. | 1 views

QNAP Systems Photo Station Security Vulnerability

QNAP Systems Photo Station is an online photo album from China-based QNAP Systems, Inc. It is used to organize multimedia content photos and videos on Qnap Nas. A security vulnerability exists in QNAP Systems Photo Station versions 5.4.1 and 5.2.7 that stems from a security issue related to the X...

CVSS 9.8 | AI score 6.4 | EPSS 0.00073
Exploits: 0 | References: 1

Cvelist
added 2025/11/06 3:55 p.m. | 3 views

CVE-2025-62031 WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer. This issue affects tagDiv Composer: from n/a through <= 5.4.1...

CVSS 7.1 | EPSS 0.00031
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/06 12:0 a.m. | 2 views

PT-2025-45298

Name of the Vulnerable Software and Affected Versions: tagDiv Composer versions through 5.4.1. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting. This allows for potential malicious code execution through web...

CVSS 7.1 | AI score 7 | EPSS 0.00031
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/06 12:0 a.m. | 5 views

PT-2025-45297

Name of the Vulnerable Software and Affected Versions: tagDiv Composer versions through 5.4.1. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting. This allows for potential malicious code execution through web...

CVSS 6.5 | AI score 7 | EPSS 0.00031
Exploits: 0 | References: 3

Patchstack
added 2025/10/09 7:21 p.m. | 2 views

WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by ? in WordPress Plugin tagDiv Composer (versions <= 5.4.1)...

CVSS 7.1 | AI score 6.1 | EPSS 0.00031
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-3411

Malware in sbrugna...

CVSS 8.7 | AI score 6.8 | EPSS 0.0441
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-9341

Malware in sbrugna...

CVSS 9 | AI score 8.8 | EPSS 0.0059
Exploits: 0 | References: 3