68 matches found
CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...
EUVD-2025-36595
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4...
WordPress plugin Popup box cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
EUVD-2018-6817
Malware in sbrugna...
EUVD-2019-3138
Malware in sbrugna...
EUVD-2025-6550
Malicious code in bioql PyPI...
Security Bulletin: IBM FileNet Content Manager GraphQL Cross-site request forgery security vulnerability
Summary: IBM FileNet Content Manager in GraphQL, there is a Cross-site request forgery security vulnerability. Vulnerability Details: CVEID: CVE-2020-4745. DESCRIPTION: IBM FileNet Content Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...
WordPress Poll Maker plugin < 5.5.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Poll Maker versions 5.5.4...
WordPress plugin Poll Maker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-11717 · Strategy11 · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms versions n/a through 5.5.4 Description: The issue is related to a missing authorization vulnerability in Strategy11 Form Builder Team Formidable Forms, which allows exploiting incorrectly configured access control security...
WordPress Poll Maker plugin <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication vulnerability
Cross-Site Request Forgery to Poll Duplication vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Poll Maker versions <= 5.5.4...
PT-2024-26658 · Unknown · The Plus Addons For Elementor Page Builder
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder Lite versions through 5.5.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS...
WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions <= 5.5.4...
CVE-2024-5341
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2024-35733 · WordPress · The Plus Addons For Elementor Page Builder
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder plugin for WordPress versions up to, and including, 5.5.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the size...
WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions <= 5.5.4...
RoboDK security vulnerability
RoboDK is a robot driver from RoboDK, Inc. A security vulnerability exists in RoboDK version v5.5.4, which stems from vulnerability to heap-based buffer overflows when working with specific project files, and the resulting memory corruption may crash the application...
WordPress Element Pack Elementor Addons Plugin <= 5.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Element Pack Elementor Addons; Type: Plugin; Vulnerable versions: <= 5.5.3; Fixed in: 5.5.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1428; Patch priority: Low; CVSS severity: Low (6.5); PSID: baacef610d60; Credits: Nikolas...
AZL-35752 CVE-2024-27304 affecting package telegraf for versions less than 1.31.0-1
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. T...
CVE-2024-27304 pgx SQL Injection via Protocol Message Size Overflow
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. T...