19 matches found
WordPress Anti-Spam Protection – No API Key, GDPR Friendly plugin <= 2.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Anti-Spam by Fullworks: GDPR Compliant Spam Protection versions <= 2.3.7...
Xenforo code injection vulnerability
Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.7 had a code injection vulnerability. This vulnerability stemmed from improper restrictions on methods that could be called within templates, allowing unauthorized method calls to occur...
PT-2026-26295
🔴 CVE-2026-30402 - Critical An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function https://t.co/8FhLUJGd8h https://t.co/nePrCLuz1O...
CVE-2025-33237
creationtimestamp | type | source
---|---|---
2026-01-28 20:01:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdj2u5cl322r...
EUVD-2025-26219
Malicious code in bioql PyPI...
WordPress plugin CURCY security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-2485 · Famethemes · Onepress
Name of the Vulnerable Software and Affected Versions: FameThemes OnePress versions prior to 2.3.7 Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions prior to 2.3.7, update to...
PT-2024-12311 · Realwebcare · Realwebcare Wrc Pricing Tables
Name of the Vulnerable Software and Affected Versions: Realwebcare WRC Pricing Tables versions 2.3.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...
CVE-2024-1075
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to...
glibc buffer error vulnerability
glibc (GNU C Library) is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc 2.37 and earlier versions, which stems from the presence of a heap-based buffer overflow that can cause an application to crash...
PT-2023-31618 · Iris-Web · Iris-Web
Name of the Vulnerable Software and Affected Versions: iris-web versions prior to v2.3.7 Description: A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability may allow an attacker to inject malicious scripts into the...
Repox Cross-Site Scripting Vulnerability
Repox is a framework for managing dataspaces from Repox, Inc. A cross-site scripting vulnerability exists in Repox 2.3.7 and earlier versions, which stems from the presence of a stored cross-site scripting (XSS) vulnerability...
CVE-2023-41868
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions...
CVE-2022-37936
Unauthenticated Java deserialization vulnerability in Serviceguard Manager...
GHSA-X2V2-2JHP-C5HV Magento stored cross-site scripting vulnerability
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...
GHSA-VRQ2-W7R7-3FP2 Magento is affected by an improper authorization vulnerability
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure...
SUSE-SU-2021:3008-1 Security update for mariadb
This update for mariadb fixes the following issues: Update to version 10.2.40 bsc1189320: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389...
Synology DiskStation Manager Command Injection Vulnerability (CNVD-2018-11370)
Synology DiskStation Manager (DSM) is a set of operating systems for use on networked storage servers (NAS) from Synology Inc. The operating system can manage information such as data, files, photos, music, etc. EZ-Internet is one of the network configuration tools. A command injection vulnerability...
Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability
Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...