49 matches found
CVE-2026-7715
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with either the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...
CVE-2026-1608
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youtube shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1608
The CVE concerns the Video Onclick WordPress plugin with the youtube shortcode. All versions up to and including 0.4.7 are affected due to insufficient input sanitization and output escaping of user-supplied attributes, enabling Stored Cross‑Site Scripting. Exploitation requires authenticated acc...
EUVD-2026-5739
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youtube shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Yahei-PHP Prober cross-site scripting vulnerability
Yahei-PHP Prober is a PHP environment checking script by an individual developer in Zhou, China. A cross-site scripting vulnerability exists in Yahei-PHP Prober version 0.4.7. It stems from unvalidated input of the speed parameter in the prober.php file, which could lead to an HTML injection...
CVE-2019-25280
Yahei-PHP Prober 0.4.7 contains a remote HTML injection (XSS) in the speed parameter of prober.php. The vulnerability arises from unvalidated input in the speed GET parameter, allowing an attacker to inject arbitrary HTML that can execute in a user’s browser. Affected software: Yahei-PHP Prober, ...
CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...
PT-2026-1678
Name of the Vulnerable Software and Affected Versions: Yahei-PHP Prober version 0.4.7 Description: The software contains a remote HTML injection issue that enables attackers to execute arbitrary HTML code. This is achieved by injecting malicious HTML code into the speed GET parameter of the...
EUVD-2022-29928
Malicious code in bioql PyPI...
CVE-2024-24766
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. I...
CVE-2023-37996
Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin = 0.4.7 versions...
PT-2024-31200 · WordPress · Squelch Tabs/Accordions Shortcodes
Name of the Vulnerable Software and Affected Versions: Squelch Tabs and Accordions Shortcodes plugin for WordPress versions up to, and including, 0.4.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation when saving plugin settings. This...
PT-2024-14713 · Unknown · Onos-Kpimon
Name of the Vulnerable Software and Affected Versions: onos-kpimon version 0.4.7 Description: The issue allows out-of-bounds array access in the processIndicationFormat1 function. Recommendations: For version 0.4.7, consider disabling the processIndicationFormat1 function until a patch is availab...
CVE-2024-28232
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...