15 matches found
PT-2026-20766
Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46...
SUSE CVE-2026-23511
ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...
CVE-2026-23511
ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...
CVE-2026-23511
CVE-2026-23511 affects Zitadel, an open source identity management platform. A user enumeration flaw in login interfaces allows an unauthenticated attacker to verify the existence of valid user accounts by iterating through usernames and userIDs. The issue is present in multiple versions prior to...
WordPress Custom Post Type Attachment plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Post Type Attachment versions <= 3.4.6...
CVE-2025-58794
Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from n/a through <= 3.5...
AZL-59544 CVE-2025-2784 affecting package libsoup for versions less than 3.4.4-6
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server...
H2O security vulnerability
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0 that stems from a model export endpoint that does not restrict the export location, which could lead to arbitrary file overwrites...
WordPress Terms descriptions plugin <= 3.4.6 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Terms descriptions versions <= 3.4.6...
CVE-2024-47313
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Catch Base allows Stored XSS. This issue affects Catch Base: from n/a through 3.4.6...
CVE-2023-46307
Summary: CVE-2023-46307 affects etcd-browser (build 87ae63d75260). The vulnerability is in server.js and enables a directory traversal by supplying a /../../../ path in the URL in a remote-connection context, allowing retrieval of local operating system files on the remote system. Impact: potenti...
CVE-2022-34650
creationtimestamp | type | source
---|---|---
2022-07-22 20:23:44+00:00 | seen | https://t.me/cibsecurity/46836...
Centreon cross-site scripting vulnerability (CNVD-2018-17879)
Centreon is a free and open source IT and application monitoring software. A cross-site scripting vulnerability exists in Centreon version 3.4.6 and Centreon Web version 2.8.23. A remote attacker can exploit this vulnerability to inject a payload into a username or command description...
DEBIAN-CVE-2015-7972
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service...
CVE-2025-34651
CVE-2025-34651 is rejected/not used and does not represent an active vulnerability entry.