18 matches found
CVE-2025-64433 affecting package kubevirt for versions less than 1.5.3-2
CVE-2025-64433 affecting package kubevirt for versions less than 1.5.3-2. An upgraded version of the package is available that resolves this issue...
CVE-2025-67531
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Turitor turitor allows PHP Local File Inclusion. This issue affects Turitor: from n/a through 1.5.3...
EUVD-2025-202113
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Turitor turitor allows PHP Local File Inclusion. This issue affects Turitor: from n/a through 1.5.3...
CVE-2025-67531
CVE-2025-67531 is a Local File Inclusion in Turitor theme. Affected: Turitor WordPress Theme, versions earlier than 1.5.3. Root cause: improper filename handling for PHP include/require statements enabling local file inclusion. Public references confirm vulnerability and a fix: patched in 1.5.3. ...
CVE-2021-24442
The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks...
Feedbacksystem Security Vulnerability
Feedbacksystem is an application open-sourced by the Institute for Information Sciences. It uses artificial intelligence to provide smart, personalized feedback to students. A security vulnerability exists in Feedbacksystem versions prior to 1.5.3 that stems from an insufficient authorization...
SUSE CVE-2009-3951
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-482...
CVE-2022-3849
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-34295
totd before 1.5.3 does not properly randomize mesg IDs...
Grunt Security Vulnerability
Grunt is a JavaScript task runner. A security vulnerability exists in Grunt versions prior to 1.5.3, which stems from file.copy being susceptible to TOCTOU. Attackers can exploit this vulnerability to perform arbitrary file writes...
WordPress wps-hide-login plugin security bypass vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wps-hide-login is a hide-login plugin used in it. A security vulnerability exists in WordPress wps-hide-login plugin versio...
CVE-2017-18541
The xo-security plugin before 1.5.3 for WordPress has XSS...
PT-2019-11542 · Timesheet · Timesheet Next Gen
Name of the Vulnerable Software and Affected Versions: Timesheet Next Gen versions 1.5.3 and earlier. Description: The issue allows an attacker to execute arbitrary HTML and JavaScript code via a redirect parameter. This is a reflected Cross Site Scripting (XSS) attack, where the victim may click on...
IdentityServer Cross-Site Scripting Vulnerability
IdentityServer is an open source OAuth framework for ASP.NET Core. A cross-site scripting vulnerability exists in IdentityServer versions 4 1.x prior to 1.5.3 and 2.x prior to 2.1.3, which stems from the program's failure to encode a redirect URL on the Authorization Response page. A remote attack...
Mirasvit Helpdesk MX Code Execution Vulnerability
Mirasvit Helpdesk MX is a set of extension support platform for Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A security vulnerability exists in Mirasvit Helpdesk MX versions prior to 1.5.3. A remote attacker can exploit the vulnerabili...
CVE-2017-14320
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files...
CVE-2017-14321
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket...
Python Cryptography Security Bypass Vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security bypass vulnerability in Python Cryptography versions prior to 1.5.3 allows attackers to bypass...