17 matches found
CVE-2026-32508
Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection. This issue affects Halstein: from n/a through 1.8...
CVE-2026-32508
Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection. This issue affects Halstein: from n/a through 1.8...
CVE-2026-32508
Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection. This issue affects Halstein: from n/a through 1.8...
PT-2026-28022
Name of the Vulnerable Software and Affected Versions: Mikado-Themes Halstein versions prior to 1.8 Description: An issue exists in Halstein that allows for object injection due to deserialization of untrusted data. This could potentially allow for malicious code execution. Recommendations: Update...
WordPress plugin Heart security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-66300 Grav is vulnerable to Arbitrary File Read
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store the hashed user password, 2FA secret, and the password...
Dell Hybrid Client path traversal vulnerability
Dell Hybrid Client is a software application from Dell USA Inc. It provides a client computing software with hybrid cloud management capabilities. A path traversal vulnerability exists in Dell Hybrid Client versions prior to 1.8. The vulnerability stems from a failure of a networked system or...
PT-2022-22162 · Dell · Dell Hybrid Client
Name of the Vulnerable Software and Affected Versions: Dell Hybrid Client versions prior to 1.8 Description: The issue is related to a Regular Expression Denial of Service in the UI. An adversary with WMS group admin access could potentially exploit this, leading to temporary denial-of-service...
WordPress plugin Awin Data Feed cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2022-14202 · WordPress · Awin Data Feed
Name of the Vulnerable Software and Affected Versions: Awin Data Feed WordPress plugin versions prior to 1.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted via an AJAX action...
Providence cross-site scripting vulnerability
Providence is the "back-end" component of CollectiveAccess, a set of web-based applications from the CollectiveAccess community in the United States. A security vulnerability exists in Providence versions prior to 1.8, which stems from a cross-site scripting vulnerability...
CVE-2016-10954
The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload...
UBUNTU-CVE-2018-16949
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values...
CVE-2018-10309
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS...
POCO 'ZipCommon::isValidPath()' function absolute path traversal vulnerability
POCO C++ Libraries is a set of C++ class libraries developed by Austrian software developer Gunter Obiltschnig, which are used to develop portable web-based applications with threading, file and streaming capabilities. A security vulnerability in the 'ZipCommon::isValidPath' function in the...
CVE-2016-9346
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted...
UBUNTU-CVE-2015-0250
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...