16 matches found
CVE-2026-1986
The CVE concerns FloristPress for Woo – Florist plugin for WordPress. A Reflected Cross-Site Scripting vulnerability exists in all versions up to 7.8.2, caused by insufficient input sanitization and output escaping of the user-supplied noresults parameter. This can allow unauthenticated attackers...
Security Bulletin: A vulnerability in the jackson-core package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the jackson-core package affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The methods in the classes listed below fail to...
Security Bulletin: A vulnerability in Axios affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in Axios 1.7.9 and earlier affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...
react-router 跨站脚本漏洞
react-router is a Remix open source declarative routing for React. A cross-site scripting vulnerability exists in react-router versions 7.0.0 through 7.8.2, which stems from a cross-site scripting vulnerability when generating script:ld+json tags in framework mode, which could lead to the executi...
CVE-2023-7320
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract...
WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.2...
CVE-2025-52718
Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through = 7.8.2...
CVE-2025-52718
The CVE-2025-52718 entry concerns WordPress Alone (Bearsthemes Alone) with an improper control of generation of code, enabling remote code inclusion and arbitrary code execution. Affected: Alone theme versions n/a through 7.8.2. Root cause: Code generation control weaknesses allow injected code t...
WordPress Alone Theme <= 7.8.2 is vulnerable to Arbitrary Code Execution
Software Alone Type Theme Vulnerable versions = 7.8.2 Fixed in 7.8.5 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2025-52718 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 95e1c49b307c Credits Trương Hữu Phúc truonghuuphuc Required privileg...
Squidex Cross-Site Scripting Vulnerability
squidex is a Headless CMS and Content Management Center. A cross-site scripting vulnerability exists in Squidex version 7.8.2, which stems from a lack of raw validation in the postMessage handler, leading to a cross-site scripting XSS vulnerability...
McAfee Web Gateway Information Disclosure Vulnerability (CNVD-2020-17035)
McAfee Web Gateway MWG is a security gateway product from McAfee USA. The product provides threat protection, application control, and data loss prevention. An information disclosure vulnerability exists in McAfee MWG versions 7.8.2.x prior to 7.8.2.12, which can be exploited by an attacker to...
PT-2019-3137 · Mcafee · Mcafee Web Gateway
Name of the Vulnerable Software and Affected Versions: McAfee Web Gateway versions 7.8.2.x prior to 7.8.2.12 Description: The issue is related to the lack of protection for internal data in the McAfee Web Gateway. It allows a remote attacker to disclose protected information using a specially...
Open-Xchange (OX) App Suite Content Spoofing Vulnerability (Jun 2018)
Open-Xchange OX App Suite is prone to a content spoofing vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Open-Xchange AppSuite Information Disclosure Vulnerability (CNVD-2016-09926)
Open-Xchange AppSuite OX AppSuite is a suite of Web-based cloud desktop environments from Open-Xchange, Inc. in the United States. The environment allows users to manage email, tasks, files, etc. more intuitively. An information disclosure vulnerability exists in Open-Xchange AppSuite 7.8.2 and...
Debian: Security Advisory (DSA-3149-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-3416
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...