13 matches found
CVE-2026-24972
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through = 1.4...
CVE-2026-22360
Cross-Site Request Forgery CSRF vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through = 1.4...
CVE-2025-58944
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue affects Manufactory: from n/a through = 1.4...
PT-2025-44287
Name of the Vulnerable Software and Affected Versions Jenkins Start Windocks Containers Plugin versions 1.4 and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Start Windocks Containers Plugin. This flaw allows attackers to force connections to a URL chosen by th...
CVE-2025-9372
The Ultimate Multi Design Video Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject...
CVE-2025-57911
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Adverts adverts-click-tracker allows DOM-Based XSS.This issue affects Adverts: from n/a through = 1.4...
WordPress plugin Disable Auto Updates 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2024-34713 · Odihost · Odihost Easy Gallery
Name of the Vulnerable Software and Affected Versions: Odihost Easy Gallery versions 1.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...
PT-2024-15043
Name of the Vulnerable Software and Affected Versions CyberMath versions 1.4 through 1.4 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This affects the CyberMath software. Recommendation...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22497 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22497 Source advisory: OSV:GHSA-QH2W-9M7W-HJG2...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49378 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49378 Source advisory: OSV:GHSA-GW26-CCHC-8F2F...
CVE-2023-43668
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or...
PT-2015-5280 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 1.3.x through 1.3.7 Elasticsearch versions 1.4.x through 1.4.2 Description: The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell...