47 matches found
EUVD-2026-24700
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2020-37148
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...
EUVD-2020-31048
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
P5 FNIP-8x16A and P5 FNIP-4xSH Cross-Site Request Forgery Vulnerability
The P5 FNIP-8x16A and P5 FNIP-4xSH are Ethernet relay controllers produced by the British company P5. Versions 1.0.20 of both devices contain a cross-site request forgery vulnerability. This vulnerability is due to a susceptibility to cross-site request forgery attacks, which may allow attackers ...
CVE-2025-69025
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data. This issue affects Poptics: from n/a through <= 1.0.20...
CVE-2025-69025
CVE-2025-69025 describes Exposure of Sensitive System Information to an Unauthorized Control Sphere in Poptics (Branda/Popup Builder plugin family). Affected software: Poptics – AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent & WooCommerce Popups; vulnerable versions are up...
PT-2025-53906
Name of the Vulnerable Software and Affected Versions: Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales versions through 1.0.20. Description: The software contains a flaw that allows retrieval of embedded sensitive data. This...
CVE-2025-8195
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2025-47014
Name of the Vulnerable Software and Affected Versions: Ubee EVW3226 versions up to and including 1.0.20. Description: The Ubee EVW3226 cable modem/router firmware stores configuration backup files in the web root after they are generated for download. These files remain accessible without...
EUVD-2025-23573
Malicious code in bioql PyPI...
CVE-2025-54795
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...
Command Injection
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection via improper...
CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...
CVE-2025-54795
CVE-2025-54795 affects Claude Code. Multiple connected sources confirm a command parsing error in versions below 1.0.20 that can bypass the in-application confirmation prompt and trigger execution of untrusted commands when attack content is fed into the Claude Code context window. Impacted data/...
CVE-2024-50468
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faceleg Raptor Editor wp-raptor allows DOM-Based XSS. This issue affects Raptor Editor: from n/a through <= 1.0.20...
CVE-2021-24426
The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...
CVE-2025-28009
A SQL Injection vulnerability exists in the u parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20...