17 matches found

RedhatCVE
added 2026/06/05 7:32 p.m. · 7 views

CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00031
Exploits: 0 · References: 1

Cvelist
added 2026/03/13 11:42 a.m. · 25 views

CVE-2026-32450 WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS. This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7...

CVSS: 6.5 · EPSS: 0.00045
Exploits: 0 · References: 1

OSV
added 2026/03/04 5:16 p.m. · 2 views

CVE-2025-66944

SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...

CVSS: 9.8 · AI score: 6.3 · EPSS: 0.00314
Exploits: 1 · References: 2

Positive Technologies
added 2026/03/04 12:0 a.m. · 3 views

PT-2026-22964

SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...

AI score: 6.3 · EPSS: 0.00314
Exploits: 1 · References: 3

CNNVD
added 2026/02/23 12:0 a.m. · 5 views

D-Link DWR-M960 Security Vulnerability

The D-Link DWR-M960 is a router produced by D-Link Corporation. Version 1.01.07 of the D-Link DWR-M960 contains a security vulnerability. This vulnerability stems from incorrect handling of a parameter called submit-url in the function sub460F30 of the Scheduled Reboot Configuration Endpoint, whi...

CVSS: 9 · AI score: 7.7 · EPSS: 0.00046
Exploits: 1 · References: 5

Vulnrichment
added 2026/02/13 5:0 a.m. · 5 views

CVE-2025-48023

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package for CENTU...

CVSS: 6 · AI score: 5.2 · EPSS: 0.0001
Exploits: 0 · References: 1

NVD
added 2026/01/29 10:15 p.m. · 3 views

CVE-2026-25047

deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8...

CVSS: 9.4 · EPSS: 0.00169
Exploits: 4 · References: 2

CNNVD
added 2026/01/22 12:0 a.m. · 2 views

WordPress plugin WorkScout has cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS: 7.1 · AI score: 5.6 · EPSS: 0.00064
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/01 8:27 p.m. · 4 views

CVE-2025-66148

Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conformer for Elementor: from n/a through <= 1.0.7...

CVSS: 5.4 · AI score: 5.9 · EPSS: 0.00051
Exploits: 0 · References: 1

CVE
added 2025/12/05 5:31 a.m. · 7 views

CVE-2025-12128

CVE-2025-12128 concerns the WordPress plugin “Hide Categories Or Products On Shop Page” and affects versions up to and including 1.0.7. The issue is Cross-Site Request Forgery caused by missing or incorrect nonce validation in the save_data_hcps() function. This enables unauthenticated attackers ...

CVSS: 4.3 · AI score: 4.8 · EPSS: 0.00013
Exploits: 0 · References: 2

RedhatCVE
added 2025/10/16 8:33 a.m. · 2 views

CVE-2025-10299

The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctlcreatelink AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with...

CVSS: 8.8 · AI score: 5.1 · EPSS: 0.00057
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-27139

Malicious code in bioql PyPI...

CVSS: 7.5 · AI score: 6.4 · EPSS: 0.00168
Exploits: 0 · References: 3

IBM Security Bulletins
added 2025/09/15 3:52 p.m. · 2 views

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU with CVEs CVE-2024-21217, CVE-2024-21208, CVE-2024-10917, CVE-2024-9143 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS: 5.3 · AI score: 6.7 · EPSS: 0.00883
Exploits: 0 · Affected Software: 1

CNNVD
added 2023/11/30 12:0 a.m. · 3 views

Delta Electronics InfraSuite Device Master Security Vulnerability

Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics InfraSuite Device Master v.1.0.7 and prior versions that originated from a...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.00244
Exploits: 0 · References: 1

OSV
added 2023/09/20 8:15 p.m. · 3 views

CVE-2023-38718

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606...

CVSS: 5.3 · AI score: 5.7 · EPSS: 0.00066
Exploits: 0 · References: 2

OSV
added 2021/05/19 11:34 a.m. · 7 views

SUSE-SU-2021:1637-1 Security update for python-httplib2

This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body bsc1171998...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.03277
Exploits: 1 · References: 5

Positive Technologies
added 2020/11/05 12:0 a.m. · 3 views

PT-2020-6540 · Gsoap · Gsoap

Name of the Vulnerable Software and Affected Versions: gSOAP version 2.8.107 Description: A denial-of-service issue exists in the WS-Security plugin functionality of gSOAP. This issue can be triggered by a specially crafted SOAP request, leading to denial of service. An attacker can exploit this ...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.0076
Exploits: 5 · References: 46