Lucene search

21 matches found

NVD
added 2025/12/18 8:16 a.m. · 5 views

CVE-2025-64371

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through 3.2.6...

CVSS 8.5 · EPSS 0.00034
Exploits: 0 · References: 1

CVE
added 2025/12/18 7:22 a.m. · 6 views

CVE-2025-64371

The CVE-2025-64371 entry concerns the WordPress Traveler theme (Traveler) with a SQL Injection vulnerability in versions prior to 3.2.6. The root cause is improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected product/version: WordPress Traveler theme ...

CVSS 8.5 · AI score 7.2 · EPSS 0.00034
Exploits: 0 · References: 1

EUVD
added 2025/12/18 7:22 a.m. · 1 view

EUVD-2025-204060

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS. This issue affects Traveler: from n/a through 3.2.6...

CVSS 7.1 · AI score 5.9 · EPSS 0.00029
Exploits: 0 · References: 2

EUVD
added 2025/12/18 7:22 a.m. · 1 view

EUVD-2025-204061

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through 3.2.6...

CVSS 8.5 · AI score 7.1 · EPSS 0.00034
Exploits: 0 · References: 2

CVE
added 2025/12/18 7:22 a.m. · 9 views

CVE-2025-64372

CVE-2025-64372 affects the WordPress Traveler theme prior to version

CVSS 7.1 · AI score 6 · EPSS 0.00029
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/18 12:0 a.m. · 3 views

PT-2025-52185

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS. This issue affects Traveler: from n/a through 3.2.6...

AI score 6.4 · EPSS 0.00029
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-15574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. CVE-2017-15574 Note that Nessus relies on the...

CVSS 6.1 · AI score 6.6 · EPSS 0.00381
Exploits: 0 · References: 2

OSV
added 2025/07/29 9:30 p.m. · 3 views

GHSA-PQHP-4XFC-HJGQ Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...

CVSS 7.3 · AI score 5.4 · EPSS 0.00313
Exploits: 0 · References: 5

Github Security Blog
added 2025/07/29 9:30 p.m. · 4 views

Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...

CVSS 7.3 · AI score 5.4 · EPSS 0.00313
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2025/01/13 12:0 a.m. · 1 view

PT-2025-4600 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6. Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the dependente editarInfoPessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scrip...

CVSS 6.4 · AI score 5.7 · EPSS 0.00689
Exploits: 1 · References: 9

Positive Technologies
added 2025/01/13 12:0 a.m. · 1 view

PT-2025-4777 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6. Description: A Stored Cross-Site Scripting (XSS) issue was identified in the adicionar alergia.php endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts into the nome parameter...

CVSS 6.4 · AI score 5.7 · EPSS 0.00689
Exploits: 1 · References: 9

CNNVD
added 2025/01/07 12:0 a.m. · 1 view

WeGIA Code Issue Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A code issue vulnerability exists in WeGIA versions prior to 3.2.6, which stems from a cross-site scripting vulnerability in the file upload functionality that could allow an attacker to execute arbitrary...

CVSS 8.3 · AI score 6.5 · EPSS 0.00639
Exploits: 1 · References: 3

Positive Technologies
added 2023/03/15 12:0 a.m. · 2 views

PT-2023-21559 · Opensips · Opensis

Name of the Vulnerable Software and Affected Versions: OpenSIPS versions prior to 3.1.9 and 3.2.6. Description: OpenSIPS is a Session Initiation Protocol (SIP) server implementation. If the ds_is_in_list function is used with an invalid IP address string, OpenSIPS will attempt to print a string from...

CVSS 7.5 · AI score 7.5 · EPSS 0.00387
Exploits: 0 · References: 10

SUSE CVE
added 2023/02/15 4:38 a.m. · 0 views

SUSE CVE-2017-15574

In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment...

CVSS 6.1 · AI score 6.3 · EPSS 0.00381
Exploits: 0 · References: 3

CNVD
added 2020/04/30 12:0 a.m. · 3 views

Rundeck Information Disclosure Vulnerability

Rundeck is an open source automation service with a Web console, command line tools and WebAPI from Rundeck, Inc. in the United States, which is used to run automation tasks. A security leak exists in Rundeck versions prior to 3.2.6. An attacker can exploit the vulnerability by sending a request ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00498
Exploits: 0

CNVD
added 2019/07/26 12:0 a.m. · 2 views

Craft CMS Information Disclosure Vulnerability (CNVD-2019-24876)

Craft CMS is a content management system (CMS). An information disclosure vulnerability exists in Craft CMS version 2 prior to 2.7.10 and version 3 prior to 3.2.6. The vulnerability stems from an error in configuration or other errors in the operation of a networked system or product. An unauthoriz...

CVSS 5.3 · AI score 6.2 · EPSS 0.15649
Exploits: 4 · References: 1

Prion
added 2019/05/05 6:29 a.m. · 11 views

Server side request forgery (ssrf)

Server-side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVSS 5 · AI score 5.7 · EPSS 0.00222
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2017/10/27 12:0 a.m. · 1 view

Redmine Information Disclosure Vulnerability (CNVD-2017-31951)

Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. An information disclosure vulnerability exists in Redmine versions prior to 3.2.6 and 3.3.x prior to...

CVSS 7.5 · AI score 7.2 · EPSS 0.00537
Exploits: 0 · References: 1

CNVD
added 2017/10/27 12:0 a.m. · 1 view

Redmine Information Disclosure Vulnerability (CNVD-2017-31956)

Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. An information disclosure vulnerability exists in Redmine versions prior to 3.2.6 and 3.3.x prior to...

CVSS 7.5 · AI score 7.2 · EPSS 0.00583
Exploits: 0 · References: 1

CNVD
added 2017/10/27 12:0 a.m. · 1 view

Redmine cross-site scripting vulnerability (CNVD-2017-31954)

Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in Redmine versions prior to 3.2.6 and 3.3.x prior to 3.3.3...

CVSS 6.1 · AI score 6 · EPSS 0.00381
Exploits: 0 · References: 1