18 matches found
CVE-2026-32426
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through 1.4.7...
PT-2026-25272
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through 1.4.7...
MiracleLinux 4 : cups-1.4.2-44.AXS4 (AXSA:2012-67:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-67:01 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to promote a...
PT-2025-2013 · Unknown · Crelly Slider
Name of the Vulnerable Software and Affected Versions: Crelly Slider versions prior to 1.4.7 Description: The issue arises from the plugin not sanitizing and escaping some of its settings, potentially allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting...
phpIPAM Cross-Site Scripting Vulnerability
phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A cross-site scripting vulnerability exists in versions of phpIPAM prior to 1.4.7. An attacker exploiting this vulnerability could execute arbitrary JavaScript code in the victim's...
WordPress Call Now Button plugin < 1.4.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dikshita Trivedi Cybersecdexter in WordPress Plugin Call Now Button versions 1.4.7...
CVE-2023-5748
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...
PT-2023-15077 · WordPress · Wp Table Builder
Name of the Vulnerable Software and Affected Versions: WP Table Builder plugin versions prior to 1.4.7 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with admin+ authentication. This allows for malicious script execution. Recommendations: F...
SUSE CVE-2014-0133
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...
SUSE CVE-2014-9771
Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation...
PT-2022-17348
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.4.7 Description: The issue concerns the lack of authentication or authorization for visitors, allowing them to view sensitive system information, including server software, PHP version, and the fu...
CVE-2022-23912
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
CVE-2022-23911
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection...
UBUNTU-CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists...
WordPress one-click-ssl plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. one-click-ssl is an SSL/Transport Layer Security setup plugin for WordPress. A cross-site request forgery vulnerability exists in...
Unspecified Cross-Site Scripting Vulnerability in Zenphoto
Zenphoto is a free photo gallery content management system developed by the Zenphoto team. The system manages images and supports multimedia such as audio and video. A cross-site scripting vulnerability exists in the image processor of Zenphoto versions prior to 1.4.7. A remote attacker can explo...
wireshark: Heap-based buffer over-read in Visual Networks dissector
Integer underflow in the visualread function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read...
UBUNTU-CVE-2011-2896
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte functio...