
5 matches found

Cvelist
added 2026/05/14 3:5 p.m. · 34 views

CVE-2026-42881 STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

CVSS 8.4 · EPSS 0.00025
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/20 12:0 a.m. · 3 views

PT-2024-16769 · WordPress · Serious Slider

Name of the Vulnerable Software and Affected Versions: Serious Slider WordPress plugin versions prior to 1.2.7 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

CVSS 5.4 · AI score 5.7 · EPSS 0.00338
Exploits: 1 · References: 7
CNNVD
added 2024/12/09 12:0 a.m. · 1 views

Winter security vulnerability

Winter is a free and open source content management system based on the Laravel PHP framework by Winter Open Source. A security vulnerability exists in Winter versions prior to 1.2.7, 1.1.11, and 1.0.476, which stems from a user being able to bypass the sandboxing restriction of Twig files by...

CVSS 8.4 · AI score 6.3 · EPSS 0.00075
Exploits: 0 · References: 2
Positive Technologies
added 2023/08/30 12:0 a.m. · 1 views

PT-2023-25093 · WordPress · Formcraft

Name of the Vulnerable Software and Affected Versions: FormCraft WordPress plugin versions prior to 1.2.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed, for...

CVSS 4.8 · AI score 5.2 · EPSS 0.00336
Exploits: 2 · References: 4
OSV
added 2008/02/01 8:0 p.m. · 1 views

DEBIAN-CVE-2007-6697

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third...

CVSS 7.5 · AI score 8.3 · EPSS 0.23389
Exploits: 1 · References: 1