CVE-2023-4775

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advancediframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-23444

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nasir179125 Scroll Top Advanced scroll-top-advanced allows Stored XSS.This issue affects Scroll Top Advanced: from n/a through = 2.5...

CVE-2025-46256

Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10...

CVE-2020-7269

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

CVE-2020-7270

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

CVE-2024-39118

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...

CVE-2023-50854

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a before 2.4.02...

CVE-2023-49764

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2...

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

CVE-2021-2361

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: SDK client integration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2021-2236

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Advanced Global Intercompany. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

CVE-2025-23658

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced Angular Contact Form: from n/a through = 1.1.0...

CVE-2022-31093

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....

Important: Red Hat Security Advisory: mariadb:10.3 security update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...

CVE-2025-46256

CVE-2025-46256 relates to WordPress Advanced Database Cleaner PRO before or up to 3.2.10, with a Limited .txt Path Traversal vulnerability. Affected software is the Advanced Database Cleaner PRO plugin (SigmaPlugin implementation). Impact described as path traversal; CVSS v3.1 base score 6.4 (NET...

CVE-2025-46256 WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO advanced-database-cleaner-pro allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through = 3.2.10...

CVE-2025-46256 WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10...

CVE-2025-12030

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the updateitempermissionscheck method, which only verifies that the current user has the editposts capability...