2609 matches found
EUVD-2023-58146
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2026-3599
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...
CVE-2023-5872
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872
Wago Smart Designer (versions up to 2.33.1) is vulnerable to an information disclosure vulnerability where a low-privileged remote attacker can enumerate projects and usernames by issuing iterative requests to a specific endpoint. This is documented in CVE-2023-5872 with a CVSS v3.1 base score of...
CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
PT-2026-33255
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
WAGO Smart Designer 安全漏洞
WAGO Smart Designer is a engineering design software developed by the German company WAGO. Versions of WAGO Smart Designer 2.33.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of certain endpoints to allow iterative requests, which may lead to the...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)
Summary Python module protobuf is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
WordPress Blog Designer - Post and Widget plugin <= 2.7.7 - Backdoor vulnerability
WordPress Blog Designer - Post and Widget plugin = 2.7.7 - Backdoor vulnerability discovered by ? in WordPress Plugin Blog Designer - Post and Widget versions = 2.7.7...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service (CVE-2026-34043)
Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
CVE-2026-3594
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permissioncallback' set to 'returntrue', meaning no...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)
Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...
VulnCheck KEV: CVE-2025-48281
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...
CVE-2025-36422
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2026-25371
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS (CVE-2026-33230), denial of service (CVE-2026-33231, GHSA-rf74-v2fm-23pw) and path traversal (CVE-2026-33236)
Summary Python module NLTK is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to cross-site scripting CVE-2026-33230, denial of service CVE-2026-3323...
CVE-2026-21994
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects component: Desktop. The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
EUVD-2025-209025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...