CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

CVE-2022-23316

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file=download=../../1.txt...

CVE-2025-62090

Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons:...

CVE-2025-30938 WordPress Broadly for WordPress plugin <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in broadly Broadly for WordPress broadly allows Stored XSS.This issue affects Broadly for WordPress: from n/a through = 3.0.2...

CVE-2025-40663

Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...

CVE-2022-41474

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily change the password of any account...

WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Image Hover Effects - Caption Hover with Carousel versions = 3.0.2...

Pixel & tonic Craft CMS Security Vulnerability

Pixel & tonic Craft CMS is a content management system CMS from Pixel & tonic USA. A security vulnerability exists in Craft CMS Audit Plugin versions prior to 3.0.2. An attacker can exploit the vulnerability to execute arbitrary code...

UBUNTU-CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

PT-2023-24680 · Zxcvbn-Ts · Zxcvbn-Ts

Name of the Vulnerable Software and Affected Versions: zxcvbn-ts versions prior to 3.0.2 Description: This issue affects users running on the NodeJS platform who are using the second argument of the zxcvbn function. It can result in unbounded resource consumption as the user inputs array is...

CVE-2022-4761 Post Views Count <= 3.0.2 - Contributor+ Stored XSS in Shortcode

The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

DEBIAN-CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...