WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...

CVE-2026-36829

CVE-2026-36829 affects Panabit PAP-XM320 (up to v7.7). The embedded HTTP server authenticates via a cookie-based value checked against the filesystem, using a user-controlled cookie without proper sanitization. This leads to a directory traversal scenario and authentication bypass, enabling bypas...

EUVD-2026-28481

A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogssbidiscoveryoptionaddsnssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly...

EUVD-2026-15847

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

CVE-2026-32400 WordPress Boldman theme <= 7.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through = 7.7...

CVE-2026-32400 WordPress Boldman theme <= 7.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through = 7.7...

PT-2026-25246

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through = 7.7...

EUVD-2024-55395

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 on CP4D 4.8, 7.7 on CP4D 5.0, and 7.8 on CP4D 5.1 do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service...

CVE-2025-68974 WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through =...

WordPress plugin WordPress Social Login and Register 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-7733

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'csupdateapplicationstatuscallback' due to missing validation on a user controlled key. This makes it possible for authenticated...

EUVD-2025-204640

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...

CVE-2025-7782 WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...

CVE-2025-7733 WP JobHunt <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'csupdateapplicationstatuscallback' due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2025-7733

CVE-2025-7733 affects the WP JobHunt WordPress plugin (up to 7.7) via Insecure Direct Object Reference in the cs_update_application_status_callback, caused by missing validation on a user-controlled key. This allows authenticated users with Candidate-level access and above to send a site-generate...

PT-2025-52166

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through = 7.7.2...

WordPress plugin ANAC XML Bandi di Gara 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

PT-2025-48285

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

WordPress WP JobHunt plugin <= 7.6 Authenticated (Custom+) Authorization Bypass vulnerability

WordPress WP JobHunt plugin = 7.6 Authenticated Custom+ Authorization Bypass vulnerability discovered by meghnine islem in WordPress Plugin WP JobHunt versions = 7.6...