16 matches found
CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...
EUVD-2026-34792
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fi...
CVE-2026-49777
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...
UBUNTU-CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
PT-2026-36897
Name of the Vulnerable Software and Affected Versions Prometheus versions prior to 3.5.3 Prometheus versions prior to 3.11.3 Description Prometheus is an open-source monitoring system and time series database. The remote read endpoint "/api/v1/read" fails to validate the declared decoded length i...
CVE-2026-25050
Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In packages/core/src/config/auth/native-authentication-strategy.t...
Vendure security vulnerabilities
Vendure is an open-source e-commerce framework developed by Vendure. Versions prior to Vendure 3.5.3 contained security vulnerabilities. These vulnerabilities stemmed from a time difference in the NativeAuthenticationStrategy.authenticate method, which could lead to username enumeration attacks...
PT-2024-25920 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel versions prior to 3.5.3 Description: The issue allows for XSS via the user photo parameter to My Page. This can potentially lead to malicious script execution. Recommendations: For versions prior to 3.5.3, update to version 3.5.3 ...
CVE-2023-28657
Improper access control vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user...
CVE-2023-28713
Plaintext storage of a password exists in CONPROSYS HMI System CHS versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information ...
Contec CONPROSYS HMI System code issue vulnerability
Contec CONPROSYS HMI System is an HTML5-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3 that stems from a server-side request forgery...
Contec CONPROSYS HMI System security vulnerability
Contec CONPROSYS HMI System is an HTML5 technology-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which stems from database account details...
SUSE CVE-2009-3073
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
phpList cross-site scripting vulnerability (CNVD-2020-41816)
phpList is an open source newsletter and email marketing software from phpList UK. A cross-site scripting vulnerability exists in versions of phpList prior to 3.5.3. The vulnerability can be exploited by an attacker to elevate privileges with the help of the file lists/admin/template.php...
UBUNTU-CVE-2016-5017
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string...
PT-2016-3454 · Apache +2 · Apache Zookeeper +2
Name of the Vulnerable Software and Affected Versions: Apache Zookeeper versions 3.4.9 and earlier, 3.5.x before 3.5.3 Description: The issue is related to a buffer overflow in the C cli shell of Apache Zookeeper when using the "cmd:" batch mode syntax. This can allow attackers to have an impact ...