100 matches found
CVE-2021-37631
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access t...
CVE-2021-32752
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may...
PT-2025-21407 · WordPress · Nokaut Offers Box
Name of the Vulnerable Software and Affected Versions: Nokaut Offers Box WordPress plugin versions 1.4.0 and earlier Description: The issue concerns the lack of CSRF check when updating settings in the Nokaut Offers Box WordPress plugin. This could allow attackers to make a logged-in admin reset...
PT-2025-21239 · Jenkins · Jenkins Cadence Vmanager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 4.0.1-286.v9e25a 740b a 48 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...
CVE-2025-32022
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...
CVE-2025-46824
The CVE-2025-46824 entry concerns the Discourse Code Review Plugin. Before commit eed3a80, an attacker could cause arbitrary JavaScript execution in a user’s browser by clicking links to malicious GitHub commits, effectively enabling an XSS vector in Discourse code review workflows. The issue is ...
CVE-2025-46824 Discourse Code Review Plugin vulnerable to XSS via auto link commits
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...
UBUNTU-CVE-2025-32022
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...
CVE-2025-32022 Finit has heap based buffer overwrite in urandom.so plugin
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...
FlatPress cross-site request forgery vulnerability
FlatPress is a lightweight, easy to set up flat file blogging engine from the FlatPress open source. A cross-site request forgery vulnerability exists in FlatPress. An attacker exploiting this vulnerability can enable or disable plugins...
PT-2025-12007 · WordPress · Meintopf
Name of the Vulnerable Software and Affected Versions: mEintopf WordPress plugin versions 0.2.1 and earlier Description: The mEintopf WordPress plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used...
PT-2025-2118 · WordPress · Transfinanz Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: TransFinanz WordPress plugin version 1.0.0 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be used...
PT-2025-2116
Name of the Vulnerable Software and Affected Versions: JustRows free WordPress plugin versions 0.2 and earlier Description: The issue arises from the plugin not sanitising and escaping a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. This could be used...
PT-2025-2125 · WordPress · Essential Real Estate
Name of the Vulnerable Software and Affected Versions: Essential WP Real Estate WordPress plugin versions 1.1.3 and earlier Description: The issue is related to Reflected Cross-Site Scripting, where generated URLs are not properly escaped before being outputted in attributes. This can lead to...
PT-2025-1997
Name of the Vulnerable Software and Affected Versions: WordPress Email Newsletter WordPress plugin versions 1.1 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page...
PT-2025-2074
Name of the Vulnerable Software and Affected Versions: The WordPress Google Map Professional Map In Your Language WordPress plugin versions 1.0 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before...
PT-2025-5464 · Unknown · Machform Shortcode
Name of the Vulnerable Software and Affected Versions: MachForm Shortcode versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2025-5360 · Jenkins · Jenkins Azure Service Fabric Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Azure Service Fabric Plugin versions 1.6 and earlier Description: A Cross-Site Request Forgery CSRF issue allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method. Th...
PT-2024-17436 · WordPress · Exhibit To Wp Gallery
Name of the Vulnerable Software and Affected Versions: Exhibit to WP Gallery WordPress plugin version 0.0.2 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the page. This could be...
PT-2024-36790
Name of the Vulnerable Software and Affected Versions: pyrage versions 1.2.0 through 1.2.2 Description: The issue concerns the execution of arbitrary binaries due to malicious plugin names, recipients, or identities. This can occur when a plugin name containing a path separator is provided to the a...