15 matches found
Arcade MCP Server Framework Trust Management Issue Vulnerability
Arcade MCP Server Framework is an open source MCP server framework from Arcade.dev. A trust management issue vulnerability exists in Arcade MCP Server Framework versions prior to 1.5.4; it stems from a hard-coded default working key, which could allow bypassing the authentication layer...
CVE-2025-8900 Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying a 'usertype' field. This makes it possible for unauthenticated attacke...
CVE-2025-8900
CVE-2025-8900 : The Doccure Core WordPress plugin is vulnerable to unauthenticated privilege escalation in versions up to but not including 1.5.4. The flaw allows users registering new accounts to set their own role (via the user_type field), enabling an unauthenticated attacker to create an admi...
PT-2025-44766
Name of the Vulnerable Software and Affected Versions: Doccure Core plugin for WordPress versions prior to 1.5.4 Description: The Doccure Core plugin for WordPress allows privilege escalation in versions prior to 1.5.4. This occurs because the plugin permits users creating new accounts to define...
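The registration flaw described in the three Doccure entries above, as an added illustration that is not the plugin's own code: a handler that copies a client-supplied role field into wp_insert_user(), beside a hardened version in which the server decides the role. The function names, the self-service role names and the exact field name ('usertype') are assumptions for the example; the WordPress API calls (wp_insert_user, sanitize_email, sanitize_key, is_wp_error) are real.

```php
<?php
// Added example, not Doccure's code. Shows the pattern the advisory describes:
// the role of a new account is read from the registration request itself.
function example_register_vulnerable() {
    $email    = sanitize_email( $_POST['email'] ?? '' );
    $password = $_POST['password'] ?? '';
    // 'usertype' arrives straight from the client, so an unauthenticated
    // visitor can submit usertype=administrator and receive that role.
    $role = sanitize_text_field( $_POST['usertype'] ?? 'subscriber' );

    return wp_insert_user( array(
        'user_login' => $email,
        'user_email' => $email,
        'user_pass'  => $password,
        'role'       => $role,
    ) );
}

// Hardened: the client may only choose among an allow-list of self-service
// roles (names assumed); anything else falls back to the least privilege.
function example_register_hardened() {
    $email    = sanitize_email( $_POST['email'] ?? '' );
    $password = $_POST['password'] ?? '';

    $self_service_roles = array( 'patient', 'doctor' ); // assumed role names
    $requested = sanitize_key( $_POST['usertype'] ?? '' );
    $role = in_array( $requested, $self_service_roles, true ) ? $requested : 'subscriber';

    $user_id = wp_insert_user( array(
        'user_login' => $email,
        'user_email' => $email,
        'user_pass'  => $password,
        'role'       => $role,
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    // Defence in depth: refuse to hand back an account that somehow carries
    // an administrative capability, rather than trusting the allow-list alone.
    $user = get_userdata( $user_id );
    if ( $user && $user->has_cap( 'manage_options' ) ) {
        return new WP_Error( 'invalid_role', 'Self-registration cannot create privileged accounts.' );
    }
    return $user_id;
}
```

The important property is that no string from the request reaches the 'role' key of wp_insert_user() unless it first matches an allow-list the server controls; sanitising the value (as the vulnerable version does) removes markup, not privilege.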
CVE-2025-7808 WP Shopify < 1.5.4 - Reflected XSS
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-33127
Name of the Vulnerable Software and Affected Versions: WP Shopify WordPress plugin versions prior to 1.5.4 Description: The WP Shopify WordPress plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. This could be...
VulnCheck KEV: CVE-2015-8351
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...
Roundcube Webmail Cross-Site Scripting Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.4.14, versions prior to 1.5.4, and versions prior to 1.6.3, which stems from a...
SUSE CVE-2013-1443
The authentication framework django.contrib.auth in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed...
PT-2021-16195 · WordPress · Flat Preloader
Name of the Vulnerable Software and Affected Versions: Flat Preloader WordPress plugin versions prior to 1.5.4 Description: The issue arises from the lack of nonce checks when saving settings and the failure to sanitise and escape them, which could allow attackers to make logged-in admins change...
WordPress Catch Breadcrumb Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP; it supports personal blog sites on servers running PHP and MySQL. Catch Breadcrumb is a breadcrumb navigation plugin used to display the current location of a web page. A cross-site scripting...
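The WP Shopify, Flat Preloader and Catch Breadcrumb entries above describe two recurring plugin defects: a request parameter echoed back into a page without escaping (reflected XSS) and a settings save handler with no nonce check (CSRF against a logged-in admin). The following added example, not any of those plugins' code, shows a settings page with both defects beside a hardened version. The option name, nonce action and tab names are assumptions; the WordPress functions used (check_admin_referer, wp_nonce_field, current_user_can, update_option, esc_html, esc_attr, sanitize_key, wp_unslash) are real.

```php
<?php
// Added example, not any plugin's own code. Vulnerable settings page: saves on
// any POST and reflects a GET parameter into the HTML unescaped.
function example_settings_page_vulnerable() {
    if ( isset( $_POST['example_color'] ) ) {
        // No nonce and no capability check: a forged cross-site POST from an
        // admin's browser is accepted, and the raw value is stored.
        update_option( 'example_color', $_POST['example_color'] );
    }
    $tab = $_GET['tab'] ?? 'general';
    // Reflected XSS: ?tab=<script>...</script> lands in the page as markup.
    echo '<h2>Settings: ' . $tab . '</h2>';
    // Stored value is also emitted unescaped, so a CSRF-saved payload persists.
    echo '<input type="text" name="example_color" value="' . get_option( 'example_color' ) . '">';
}

// Hardened version of the same page.
function example_settings_page_hardened() {
    if ( isset( $_POST['example_color'] ) ) {
        // The nonce ties this POST to a form this admin actually rendered;
        // check_admin_referer() dies if it is missing or invalid.
        check_admin_referer( 'example_save_settings', 'example_nonce' );
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'Insufficient permissions.' );
        }
        // Sanitise on input: only a CSS hex colour survives (format assumed).
        $raw   = sanitize_text_field( wp_unslash( $_POST['example_color'] ) );
        $color = preg_match( '/^#[0-9a-fA-F]{6}$/', $raw ) ? $raw : '';
        update_option( 'example_color', $color );
    }

    // Restrict the reflected value to a known set, then escape on output anyway.
    $tabs = array( 'general', 'advanced' ); // assumed tab names
    $tab  = sanitize_key( $_GET['tab'] ?? 'general' );
    if ( ! in_array( $tab, $tabs, true ) ) {
        $tab = 'general';
    }
    echo '<h2>Settings: ' . esc_html( $tab ) . '</h2>';
    echo '<form method="post">';
    wp_nonce_field( 'example_save_settings', 'example_nonce' );
    echo '<input type="text" name="example_color" value="'
        . esc_attr( get_option( 'example_color', '' ) ) . '">';
    echo '<button type="submit">Save</button></form>';
}
```

Escaping is chosen by output context: esc_html() for text nodes, esc_attr() inside attribute values. The nonce alone does not replace the capability check, since any logged-in user can obtain a nonce for an action they can reach; both are needed.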
DEBIAN-CVE-2012-6685
Nokogiri before 1.5.4 is vulnerable to XXE attacks...
Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2019-2357)
The remote host is missing an update for the Huawei EulerOS libXfont package (EulerOS-SA-2019-2357)...
PT-2015-6104
Name of the Vulnerable Software and Affected Versions: Rack versions prior to 1.5.4; Rack versions 1.6.x prior to 1.6.2 Description: The issue allows remote attackers to cause a denial of service, resulting in a SystemStackError, via a request with a large parameter depth. This affects products that...
WordPress Plugin Cart66 Lite 'models/Cart66.php' Directory Traversal Vulnerability
WordPress is a blogging platform from the WordPress Foundation written in PHP; it supports personal blog sites on servers running PHP and MySQL. A directory traversal vulnerability exists in the WordPress plugin Cart66 Lite, file 'models/Cart66.php', in versions prior to 1.5.4, which...