7 matches found

CVE
added 2026/02/03 6:6 p.m. | 7 views

CVE-2026-25486

CVE-2026-25486 : Craft Commerce (Craft CMS) versions 5.0.0–5.5.1 contain a stored XSS in the Shipping Methods Name field in Store Management, allowing an attacker with store settings/shipping permissions to execute malicious JavaScript in an administrator’s browser. The issue is fixed in version ...

CVSS 6.1 | AI score 5.4 | EPSS 0.00024
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/02/03 12:0 a.m. | 3 views

Craft Commerce cross-site scripting vulnerability

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions 5.0.0 to 5.5.1 of Craft Commerce contain a cross-site scripting vulnerability. This vulnerability arises from the transport method name field in the store management section not being properly...

CVSS 6.1 | AI score 6.4 | EPSS 0.00024
Exploits: 1 | References: 4

ATTACKERKB
added 2025/03/27 11:15 a.m. | 1 views

CVE-2025-30897

Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through <= 5.5.1...

CVSS 4.3 | AI score 7.2 | EPSS 0.0037
Exploits: 0 | References: 3

CVE
added 2024/12/06 3:11 p.m. | 47 views

CVE-2024-54135

Summary: CVE-2024-54135 affects ClipBucket-v5 (versions 2.0–5.5.1 Revision 199). The root cause is improper sanitization of user input in upload/photo_upload.php’s decode_key function, which calls PHP unserialize (photos.class.php). This deserialization can be triggered by crafted input via GET (...

CVSS 9.8 | AI score 9.3 | EPSS 0.00254
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2022/07/04 7:15 a.m. | 0 views

CVE-2022-29467

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address...

CVSS 4.3 | AI score 6 | EPSS 0.00164
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2019/08/01 12:0 a.m. | 2 views

PT-2019-13432 · WordPress · Blog2Social

Name of the Vulnerable Software and Affected Versions: Blog2Social plugin versions prior to 5.5.1 Description: The issue allows SQL Injection. Recommendations: For Blog2Social plugin versions prior to 5.5.1, update to version 5.5.1 or later to resolve the issue...

CVSS 9.8 | AI score 9.6 | EPSS 0.0064
Exploits: 0 | References: 5

OpenVAS
added 2017/10/23 12:0 a.m. | 22 views

Elastic Kibana X-Pack 'CVE-2017-8445' TLS Trust Manager Bypass Vulnerability - Linux

Elastic Kibana with X-Pack is prone to a TLS Trust Manager bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 5.5 | AI score 5.6 | EPSS 0.00027
Exploits: 0 | References: 1