64 matches found
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:PYSEC-2026-148...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44200 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44200 Source advisory: SNYK:PYTHON-WAGTAIL-16624531...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44198 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44198 Source advisory: OSV:GHSA-C4MR-889M-VGF6...
EUVD-2017-8684
Malware in sbrugna...
EUVD-2024-50279
Malicious code in bioql PyPI...
CVE-2024-31924
Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer. This issue affects EWWW Image Optimizer: from n/a through = 7.2.3...
CVE-2022-30935
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed...
CVE-2021-36751
ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...
WordPress plugin hashtagger security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-30909
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through <= 7.2.3...
WordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Conversios.io versions <= 7.2.3...
CVE-2025-30909
CVE-2025-30909 pertains to Conversios.io (Conversios: Google Analytics GA4, Google Ads, GTM & Pixel tracking) where a Missing Authorization flaw exists in versions up to 7.2.3. The connected ENISA vulnerability entry EUVD-2025-8313 confirms this issue as a “Missing Authorization” flaw and notes a...
PT-2025-4384 · Undici +7 · Undici +7
Name of the Vulnerable Software and Affected Versions: undici versions 4.5.0 through 5.28.4 undici versions 4.5.0 through 6.21.0 undici versions 4.5.0 through 7.2.2 Description: The issue arises from undici using Math.random to choose the boundary for a multipart/form-data request. It is known th...
PT-2024-39468 · WordPress · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wcj product meta shortcode due to insufficient input sanitization and output...
WordPress Booster for WooCommerce plugin <= 7.2.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Booster for WooCommerce versions <= 7.2.3...
Malicious code in cs-deploy-helper (npm)
Source: ghsa-malware bc924b01d9d1492c726482e9cfb4985b29cfd9c8771d907af44c2d7351d1ff36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-48773
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process...
PT-2024-33209 · Wofit · Wofit
Name of the Vulnerable Software and Affected Versions: WoFit version 7.2.3 Description: The issue allows a remote attacker to obtain sensitive information via the firmware update process. Recommendations: For WoFit version 7.2.3, at the moment, there is no information about a newer version that...
PT-2024-4150 · Fortinet · Fortiswitchmanager +5
Name of the Vulnerable Software and Affected Versions: FortiPAM versions 1.0.0 through 1.1.2 FortiPAM version 1.2.0 FortiWeb affected versions not specified FortiAuthenticator affected versions not specified FortiSwitchManager versions 7.0.1 through 7.2.3 FortiOS versions 6.0.0 through 7.4.3...
Really Simple SSL < 8.0.0 - Admin+ Server-Side Request Forgery
Description: The Really Simple SSL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...