CVE-2026-39619

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

EUVD-2026-20261

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

CVE-2026-39619

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

PT-2026-31184

CVE-2026-39619 Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a t… https://t.co/PP035okJ62...

GHSA-CPJ3-3R2F-XJ59 OpenBao has Reflected XSS in its OIDC authentication error message

Impact OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed authentication. This allows an attacker access to the token used in the Web UI by a...

CVE-2025-68617

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...

EUVD-2025-29009

Malicious code in bioql PyPI...

CVE-2020-11820

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entitiesid parameter...

CVE-2025-39458

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through 2.5.2...

DEBIAN-CVE-2024-58250

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

WordPress Advanced Cron Manager – debug & control plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Advanced Cron Manager – debug & control versions = 2.5.2...

CVE-2023-47815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Venutius BP Profile Shortcodes Extra plugin = 2.5.2 versions...

WordPress Plugin Better Search 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

PYSEC-2023-2

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2...

WordPress plugin Database Backup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site request forgery vulnerability exists in versions of WordPress Database Backup plugin prior to 2.5....

PYSEC-2021-829

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

FFmpeg and Libav 'libavcodec/xface.h' Denial of Service Vulnerability

FFmpeg is a free program that performs recording, transferring and streaming of audio and video in various formats. FFmpeg versions prior to 2.5.2 libavcodec/xface.h establishes certain numeric and word array dimensions that do not conform to the required mathematical relationships, which can be...