42 matches found
PT-2026-45728
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...
WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions <= 1.4...
CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
Astra Linux - vulnerability in ruby-rails-html-sanitizer
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
WordPress Google PageRank Display plugin <= 1.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Google PageRank Display versions <= 1.4...
CVE-2026-33895
Summary: CVE-2026-33895 affects Forge (node-forge) prior to 1.4.0, where Ed25519 signature verification does not enforce S
CVE-2026-27831 rldns Vulnerable to Heap-based Out-of-Bounds Read
rldns is an open source DNS server. Version 2.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...
CVE-2026-27831
rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...
EUVD-2026-8787
rldns is an open source DNS server. Version 2.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...
PT-2026-21578
Name of the Vulnerable Software and Affected Versions: free5gc UDM versions up to and including 1.4.1. Description: The UDM component of free5gc, used for Unified Data Management in 5G mobile core networks, discloses detailed internal error messages to remote clients when processing invalid...
CVE-2025-62103
Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery. This issue affects Media Library File Download: from n/a through <= 1.4...
PT-2025-49885
Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery. This issue affects PDF Thumbnail Generator: from n/a through <= 1.4...
CVE-2025-60242 WordPress Download Counter plugin <= 1.4 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Anatoly Download Counter download-counter allows Path Traversal. This issue affects Download Counter: from n/a through <= 1.4...
PT-2025-44288
Name of the Vulnerable Software and Affected Versions: Jenkins Start Windocks Containers Plugin versions 1.4 and earlier. Description: A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker. Recommendations: Update Jenkins Start Windocks...
EUVD-2025-36007
Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS. This issue affects WP Business Hours: from n/a through <= 1.4...
PT-2025-43810
Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS. This issue affects WP Business Hours: from n/a through <= 1.4...
EUVD-2023-27236
Malicious code in bioql PyPI...
PT-2025-39021
Name of the Vulnerable Software and Affected Versions: WPFactory Adverts versions through 1.4. Description: A flaw exists in WPFactory Adverts that allows for DOM-Based Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. The vulnerability cou...
PT-2025-32172 · Electrolink · Electrolink Fm/Dab/Tv Transmitter Web Management System +1
Name of the Vulnerable Software and Affected Versions: Electrolink FM/DAB/TV Transmitter Web Management System versions 01.07, 01.08, and 01.09; Electrolink Display version 1.2; Electrolink Display version 1.4. Description: The Electrolink FM/DAB/TV Transmitter Web Management System is susceptible t...
CVE-2021-2319
Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...