CVE-2025-69099

Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through = 5.7.5...

CVE-2025-69100

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through = 5.7.5...

PT-2026-4170

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through = 5.7.5...

CVE-2020-36861 Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.5 that stems from the SNMP Trap Interfa...

PT-2025-44467

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.5 Core Config Manager CCM versions prior to 3.0.8 Description The Core Config Manager CCM in Nagios XI has multiple cross-site scripting XSS issues in the overlay UI elements and the Notification/Check Period...

PT-2025-44472

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.5 Description Nagios XI versions prior to 5.7.5 have a SQL injection issue in the SNMP Trap Interface edit page. An account with administrative privileges is required to access the affected interface. A user wit...

EUVD-2023-40461

Malicious code in bioql PyPI...

Internet Brands vBulletin 安全漏洞

Internet Brands vBulletin is a forum plugin from Internet Brands, Inc. A security vulnerability exists in Internet Brands vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3, which stems from the possibility that an unauthenticated user could invoke protected API controller methods...

CVE-2024-47392

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through = 5.7.5...

CVE-2025-35939 Craft CMS stores user-provided content in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

Craft CMS 安全漏洞

Craft CMS is a content management system CMS from Craft CMS Open Source. A security vulnerability exists in Craft CMS versions prior to 5.7.5 that stems from failure to clean the contents of session files, which could lead to arbitrary code execution...

WordPress plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

RHSA-2023:5783 Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.5 release and security update

Bulletin has no description...

CVE-2023-36512

CVE-2023-36512 is a Broken Access Control vulnerability in the WordPress plugin AutomateWoo (

WordPress plugin AutomateWoo security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2023-27103 · Vbulletin · Vbulletin

Name of the Vulnerable Software and Affected Versions: vBulletin versions 5.7.5 through 6.0.0 Description: A cross-site scripting XSS vulnerability in the Admin Control Panel of vBulletin allows attackers to execute arbitrary web scripts or HTML via the "/login.php?do=login" url parameter...

CVE-2023-39777

A cross-site scripting XSS vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter...

WordPress Premium Packages Plugin <= 5.7.4 is vulnerable to Privilege Escalation

Software Premium Packages Type Plugin Vulnerable versions = 5.7.4 Fixed in 5.7.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4293 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fc8d08d3355c Credits Lana...

WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software AutomateWoo Type Plugin Vulnerable versions = 5.7.5 Fixed in 5.7.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-36513 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID baa4f71a9406 Credits Rafie Muhammad Patchsta...