10 matches found
CVE-2026-45375
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...
PT-2026-33097
Name of the Vulnerable Software and Affected Versions: WCFM Marketplace versions n/a through 3.7.1. Description: Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, allows for the execution of unauthorized SQL commands. Recommendations: At the moment, ther...
CVE-2025-64631
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Marketplace: from n/a through <= 3.7.1...
Logseq Security Vulnerability
Logseq is a knowledge management and collaboration platform from Logseq Open Source. A security vulnerability exists in Logseq version 0.10.9, which stems from the mishandling of arbitrary JavaScript code in a specially crafted README.md file by the component /app/marketplace.html, which could...
EUVD-2009-1493
Malware in sbrugna...
CVE-2025-24706 WordPress MultiVendorX plugin <= 4.2.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS. This issue affects MultiVendorX: from n/a through <= 4.2.13...
CVE-2023-4960 WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
The vulnerability of the DownloadDataFromOfficeMarketPlace method in the Microsoft Exchange Server mail server allows a hacker to disclose protected information.
The vulnerability of the DownloadDataFromOfficeMarketPlace method in the Microsoft Exchange Server mail server is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
Function _execBuyNftFromMarket() Fails to Check the Actual ETH Balance in the Contract After Executing the Trade
Impact: In the function execBuyNftFromMarket, if the user chooses to use WETH, the function deposits ETH and approves the amount of WETH to the marketplace. After executing the trade at the marketplace, the function checks that the balance decrease is correct in...
Attacker can drain pool using executeBuyWithCredit with malicious marketplace payload.
Description: Paraspace supports leveraged purchases of NFTs through PoolMarketplace entry points. User calls buyWithCredit with marketplace, calldata to be sent to marketplace, and how many tokens to borrow. function buyWithCredit bytes32 marketplaceId, bytes...