35 matches found
CVE-2026-8274
creationtimestamp | type | source
---|---|---
2026-05-11 06:00:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116554414807477280
2026-05-11 06:00:32+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mlklvhdkzv23
2026-05-11 07:01:13+00:00 | seen | ...
JLSEC-2026-379
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...
CVE-2026-27456
creationtimestamp | type | source
---|---|---
2026-04-14 13:10:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mjhhcqfm6j26
2026-06-03 23:46:41+00:00 | seen | https://gist.github.com/C4sh3R/1f99346b1086e7d358ff1be8f5be7a42...
CVE-2026-4597
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...
PT-2026-26639
Name of the Vulnerable Software and Affected Versions: QVR Pro versions prior to 2.7.4.14 Description: QVR Pro is affected by a missing authentication check for critical functions, allowing remote attackers to gain access to the system. The issue allows attackers to bypass authentication and access...
expat-2.7.4-1.1 on GA media (moderate)
expat-2.7.4-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10144-1
Rating: moderate
Cross-References: CVE-2026-24515 CVE-2026-25210
CVSS scores:
CVE-2026-24515 SUSE: 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2026-24515 SUSE: 6.8...
CVE-2026-24515
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...
PT-2026-4076
Name of the Vulnerable Software and Affected Versions: Ninja Team GDPR CCPA Compliance Support versions through 2.7.4 Description: A missing authorization issue exists in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance, allowing exploitation of incorrectly configured access control...
WordPress plugin WP Abstracts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2025-30574
Malicious code in bioql PyPI...
CVE-2025-58231
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitlydeveloper Bitly wp-bitly allows Stored XSS. This issue affects Bitly: from n/a through <= 2.8.0...
WordPress plugin Bitly cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
CLSA-2025-1754337533 Update of nss
update to CKBI 2.74 from NSS 3.110
- updated certificates:
  - Certificate "Entrust.net Premium 2048 Secure Server CA"
  - Certificate "Entrust Root Certification Authority"
  - Certificate "AffirmTrust Commercial"
  - Certificate "AffirmTrust Networking"
  - Certificate "AffirmTrust Premium"
  - Certificate...
CVE-2023-22055
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2023-38382
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue affects Subscribe to Category: from n/a through 2.7.4...
CVE-2021-32742
Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the Data.init(base32Encoded:) function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently...
WordPress plugin Widget Countdown cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress WP Click Info plugin <= 2.7.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Click Info versions <= 2.7.4...
WordPress myCred plugin <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin myCred versions <= 2.7.4...
PT-2024-16179 · Unknown · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor versions up to, and including, 2.7.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data via the render...