Lucene search

21 matches found

EUVD
added 2026/03/06 9:9 p.m. | 3 views

EUVD-2026-10076

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

CVSS 8.2 | AI score 5.7 | EPSS 0.00023
Exploits: 1 | References: 1

CNNVD
added 2025/05/15 12:0 a.m. | 1 view

WordPress plugin VikBooking Hotel Booking Engine & PMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.8 | AI score 4.9 | EPSS 0.00166
Exploits: 1 | References: 1

CNNVD
added 2025/03/19 12:0 a.m. | 4 views

PayPal Plugin security vulnerability

PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.2, prior to 1.7.2, and prior to 2.0.2, which originates from a user being able to modify the shopping cart after completing the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00324
Exploits: 0 | References: 2

CNNVD
added 2024/11/13 12:0 a.m. | 1 view

Jenkins plugin Authorize Project cross-site scripting vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 8 | AI score 5.8 | EPSS 0.04045
Exploits: 0 | References: 3

Patchstack
added 2024/07/30 6:38 a.m. | 0 views

WordPress Web Directory Free plugin < 1.7.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Simone Onofri, Kim Cerra, Andrea De Dominicis in WordPress Plugin Web Directory Free versions 1.7.2...

CVSS 6.8 | AI score 6.4 | EPSS 0.00648
Exploits: 1 | References: 1 | Affected Software: 1

SUSE CVE
added 2023/02/15 5:47 a.m. | 2 views

SUSE CVE-2012-2095

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message...

CVSS 6.9 | AI score 6.7 | EPSS 0.00708
Exploits: 2 | References: 4

SUSE CVE
added 2023/02/15 4:52 a.m. | 1 view

SUSE CVE-2017-2633

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process...

CVSS 6.5 | AI score 8.5 | EPSS 0.00558
Exploits: 0 | References: 11

Positive Technologies
added 2023/01/02 12:0 a.m. | 3 views

PT-2023-13620 · WordPress · Visual Email Designer For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Visual Email Designer for WooCommerce WordPress plugin versions prior to 1.7.2 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL...

CVSS 8.8 | AI score 7.9 | EPSS 0.007
Exploits: 2 | References: 5

CNNVD
added 2021/04/12 12:0 a.m. | 2 views

WordPress plugin cross-site scripting vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site scripting vulnerability exists in the login form in Patreon WordPress versions prior to 1.7.2. An attacker can exploit this vulnerability to conduct cross-site scriptin...

CVSS 9.6 | AI score 5.2 | EPSS 0.00861
Exploits: 1 | References: 3

CNNVD
added 2021/02/26 12:0 a.m. | 2 views

PrestaShop authorization issue vulnerability

PrestaShop is an open source e-commerce solution from the US company PrestaShop. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. A security vulnerability exists in PrestaShop versions prior to 1.7.2. The...

CVSS 9.1 | AI score 7.3 | EPSS 0.00313
Exploits: 0 | References: 4

Positive Technologies
added 2020/08/12 12:0 a.m. | 4 views

PT-2020-20366 · Google · Google Play Core Library

Name of the Vulnerable Software and Affected Versions: Google Play Core Library versions prior to 1.7.2 Description: A local, arbitrary code execution issue exists in the SplitCompat.install endpoint in Android's Play Core Library. This allows a malicious attacker to create an apk that targets a...

CVSS 8.8 | AI score 8.9 | EPSS 0.01486
Exploits: 1 | References: 8

CNVD
added 2019/10/11 12:0 a.m. | 1 view

WordPress kiwi-logo-carousel plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. kiwi-logo-carousel is a rotating effect plugin used in it. A cross-site request forgery vulnerability exists in WordPress kiwi-logo-carousel plugin...

CVSS 6.5 | AI score 6.7 | EPSS 0.00186
Exploits: 1 | References: 1

OSV
added 2019/04/06 8:29 p.m. | 13 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

CVSS 8.1 | AI score 7.2
Exploits: 0 | References: 2

CNVD
added 2018/04/19 12:0 a.m. | 1 view

Zulip Server Cross-Site Scripting Vulnerability (CNVD-2018-08599)

Zulip Server is an open source group chat application written in Python based on the Django framework. A cross-site scripting vulnerability exists in Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2. A remote attacker can exploit this vulnerability to inject arbitrary web script ...

CVSS 6.1 | AI score 6.1 | EPSS 0.00266
Exploits: 0 | References: 1

CNVD
added 2018/04/19 12:0 a.m. | 1 view

Zulip Server Cross-Site Scripting Vulnerability (CNVD-2018-08598)

Zulip Server is an open source group chat application written in Python based on the Django framework. A cross-site scripting vulnerability exists in versions of Zulip Server prior to 1.7.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVSS 6.1 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 1

Prion
added 2018/04/18 8:29 a.m. | 12 views

Cross site scripting

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the default LOCAL_UPLOADS_DIR storage backend...

CVSS 3.5 | AI score 5.3 | EPSS 0.00254
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2015/01/21 3:28 p.m. | 1 view

UBUNTU-CVE-2015-1164

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI...

CVSS 4.3 | AI score 6.5 | EPSS 0.003
Exploits: 0 | References: 4

OSV
added 2014/11/04 9:55 p.m. | 1 view

DEBIAN-CVE-2013-4148

Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow...

CVSS 7.5 | AI score 7 | EPSS 0.03127
Exploits: 0 | References: 1

Debian CVE
added 2014/11/04 9:0 p.m. | 26 views

CVE-2013-4539

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image...

CVSS 7.5 | AI score 8.9 | EPSS 0.04287
Exploits: 0

RedHat Linux
added 2014/07/23 4:15 p.m. | 4 views

qemu: virtio-scsi: buffer overrun on invalid state load

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access...

CVSS 7.5 | AI score 7.1 | EPSS 0.02095
Exploits: 0 | References: 4