CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

CVE-2026-45033

GitHub Copilot CLI (affected component: Git operations in Copilot CLI) contains a local privilege/command execution flaw exposed when a malicious bare git repository is nested within a project directory. The issue arises from git auto-discovery of bare repositories during directory traversal, all...

CVE-2023-25039

Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43...

WordPress Wishlist plugin <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Wishlist versions = 1.0.43...

CVE-2025-13159 Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

CVE-2025-13159 Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

PT-2025-47702

Name of the Vulnerable Software and Affected Versions Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to and including 1.0.43 Description The Flo Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin permits SVG fi...

WordPress plugin Flo Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

EUVD-2016-1983

Malware in sbrugna...

EUVD-2025-10750

Malicious code in bioql PyPI...

CVE-2025-49075

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Wishlist wishlist allows Stored XSS.This issue affects Wishlist: from n/a through = 1.0.43...

CVE-2025-49075 WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43...

CVE-2025-32618

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through = 1.0.46...

CVE-2025-32618 WordPress Wishlist plugin <= 1.0.46 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through = 1.0.46...

PT-2025-16086 · Pickplugins · Pickplugins Wishlist

Name of the Vulnerable Software and Affected Versions: PickPlugins Wishlist versions 1.0.43 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for SQL Injection in PickPlugins Wishlist...

WordPress plugin Wishlist SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin Flo Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-26899

The CVE-2025-26899 entry documents a Cross-Site Request Forgery (CSRF) to Settings Change vulnerability in the WordPress plugin Recapture for WooCommerce, affecting versions from n/a up to 1.0.43. Connected sources confirm the vulnerability type and impacted version range, but do not provide expl...

WordPress plugin Recapture for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

WordPress plugin Wishlist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...