CVE-2026-25379 WordPress StreamVid theme < 6.8.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through 6.8.6...

CVE-2026-25379 WordPress StreamVid theme < 6.8.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through 6.8.6...

WordPress plugin StreamVid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2024-1799

The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievementtypes' attribute of the gamipressearnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escapin...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat Inc. A security vulnerability exists in Rocket.Chat. An attacker exploiting this vulnerability is able to abuse the UpdateOTRAck method. The following versions are affected: version 6.12.0, version 6.11.2, version 6.10.5, version 6.9.6, version 6.8.6...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat Inc. A security vulnerability exists in Rocket.Chat. An attacker has exploited the vulnerability to cause a workspace crash. The following versions are affected: version 6.12.0, version 6.11.2, version 6.10.5, version 6.9.6, version 6.8.6, version...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat Inc. A security vulnerability exists in Rocket.Chat. An attacker exploiting this vulnerability can abuse the UpdateOTRAck method to send temporary messages. The following versions are affected: version 6.12.0, version 6.11.2, version 6.10.5, version...

Cross site scripting

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...

WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions = 6.8.5. Solution Update the WordPress Easy Forms for Mailchimp plugin to the latest available version at least 6.8.6...

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

Command injection

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...

CVE-2020-7115

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF...