59 matches found

ATTACKERKB
added 2026/03/20 5:17 a.m., 3 views

CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references &#NNN;, &#xHH; and standard XML entities completely evade the entity expansion limits e.g.,...

CVSS: 7.5; AI score: 5.8; EPSS: 0.00032
Exploits: 2; References: 4; Affected Software: 1

Vulnrichment
added 2026/02/11 12:18 p.m., 3 views

CVE-2025-54155 File Station 5

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

CVSS: 6.9; AI score: 5.6; EPSS: 0.00046
Exploits: 0; References: 1

NVD
added 2025/12/05 5:16 p.m., 4 views

CVE-2025-66546

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVSS: 3.3; EPSS: 0.00009
Exploits: 0; References: 4

CVE
added 2025/12/05 4:49 p.m., 6 views

CVE-2025-66546

Summary: CVE-2025-66546 affects Nextcloud Calendar. The vulnerability arises from the calendar’s handling of appointment IDs, allowing blind booking of appointments without knowledge of the appointment token. Affected software/versions (as documented): Nextcloud Calendar prior to 4.7.19, prior to...

CVSS: 3.3; AI score: 6.3; EPSS: 0.00009
Exploits: 0; References: 4; Affected Software: 1

Cvelist
added 2025/12/05 4:49 p.m., 14 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVSS: 3.3; EPSS: 0.00009
Exploits: 0; References: 4

OSV
added 2025/12/05 4:49 p.m., 1 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVSS: 3.3; AI score: 6.6; EPSS: 0.00009
Exploits: 0; References: 6

CNNVD
added 2025/12/05 12:00 a.m., 1 views

Nextcloud Calendar security vulnerability

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.19, prior to 5.5.6, and prior to 6.0.1, which stems from the calendar application allowing blind booking of meetings, which could lead to...

CVSS: 3.3; AI score: 6.3; EPSS: 0.00009
Exploits: 0; References: 4

CNNVD
added 2025/11/07 12:00 a.m., 2 views

QNAP Systems File Station 5 code issue vulnerability

QNAP Systems File Station 5 is a file management software from QNAP Systems. A code issue vulnerability exists in QNAP Systems File Station 5 versions prior to 5.5.6.5018, which stems from the presence of a null pointer dereference that could lead to a denial of service attack...

CVSS: 6.5; AI score: 6.7; EPSS: 0.00161
Exploits: 0; References: 2

EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2022-51989

Malicious code in bioql PyPI...

CVSS: 8.8; AI score: 4.3; EPSS: 0.00243
Exploits: 1; References: 2

Vulnrichment
added 2025/09/03 2:36 p.m., 2 views

CVE-2025-58614 WordPress Tooltipy Plugin <= 5.5.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS. This issue affects Tooltipy: from n/a through <= 5.5.6...

CVSS: 6.5; AI score: 5.9; EPSS: 0.00047
Exploits: 0; References: 1

NVD
added 2025/08/29 6:15 p.m., 1 views

CVE-2025-29890

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

CVSS: 7.1; EPSS: 0.00208
Exploits: 0; References: 1

RedhatCVE
added 2025/05/23 8:37 a.m., 1 views

CVE-2024-32521

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality. This issue affects Zero Spam: from n/a through 5.5.6...

CVSS: 5.3; AI score: 7; EPSS: 0.00387
Exploits: 0; References: 1

RedhatCVE
added 2025/05/23 1:56 a.m., 6 views

CVE-2023-24419

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions...

CVSS: 8.8; AI score: 7.1; EPSS: 0.00104
Exploits: 0; References: 1

Patchstack
added 2024/09/05 12:00 a.m., 12 views

WordPress Ivory Search Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure

Software: Ivory Search; Type: Plugin; Vulnerable versions: <= 5.5.6; Fixed in: 5.5.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6835; Patch priority: Low; CVSS severity: Low (5.3); PSID: cb7652ee4cde; Credits: stealthcopter; Required...

CVSS: 5.3; AI score: 6.6; EPSS: 0.00925
Exploits: 0; References: 3; Affected Software: 1

OSSF Malicious Packages
added 2024/07/18 10:05 p.m., 3 views

Malicious code in marvinjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 965b7b4455eec757889260ad7d11671ee747f1d78f5ccca323303d223f246c43 The OpenSSF Package Analysis project identified 'marvinjs' @ 5.5.6 npm as malicious. It is considered malicious because: - The package...

AI score: 7.1
Exploits: 0

Cvelist
added 2024/06/21 3:24 a.m., 25 views

CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazinestyle' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level...

CVSS: 8.8; EPSS: 0.00388
Exploits: 0; References: 2

CNNVD
added 2024/06/21 12:00 a.m., 1 views

WordPress plugin The Plus Addons for Elementor Page Builder security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 6.1; AI score: 5.8; EPSS: 0.01302
Exploits: 0; References: 3

Positive Technologies
added 2024/06/20 12:00 a.m., 4 views

PT-2024-35741 · WordPress · The Plus Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder plugin for WordPress versions up to, and including, 5.5.6 Description: The issue is related to Reflected Cross-Site Scripting via the forgoturl attribute within the plugin's WP Login & Register widge...

CVSS: 6.1; AI score: 6.8; EPSS: 0.01302
Exploits: 0; References: 7

Patchstack
added 2024/04/15 9:00 a.m., 3 views

WordPress Element Pack Elementor Addons plugin <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search vulnerability

Sensitive Information Exposure via element_pack_ajax_search vulnerability discovered by Krzysztof Zając in WordPress Plugin Element Pack Elementor Addons versions <= 5.5.6...

CVSS: 7.5; AI score: 7; EPSS: 0.00642
Exploits: 0; References: 1; Affected Software: 1

Patchstack
added 2024/04/15 12:00 a.m., 14 views

WordPress Ivory Search Plugin <= 5.5.5 is vulnerable to Broken Access Control

Software: Ivory Search; Type: Plugin; Vulnerable versions: <= 5.5.5; Fixed in: 5.5.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3233; Patch priority: Low; CVSS severity: Low (4.3); PSID: 5ff3a7d3e493; Credits: Thura Moe Myint mgthuramoemyint...

CVSS: 4.3; AI score: 6.9; EPSS: 0.00187
Exploits: 0; References: 3; Affected Software: 1