515 matches found

EUVD
added 2026/05/12 9:31 a.m. | 4 views

EUVD-2026-29400

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVSS 6.4 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 4

NVD
added 2026/05/12 9:16 a.m. | 6 views

CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVSS 6.4 | EPSS 0.00032
Exploits: 0 | References: 3

Cvelist
added 2026/05/12 7:48 a.m. | 32 views

CVE-2026-5715 Voyage Plus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post-content' Shortcode

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVSS 6.4 | EPSS 0.00032
Exploits: 0 | References: 3

CVE
added 2026/05/12 7:48 a.m. | 5 views

CVE-2026-5715

The Voyage Plus WordPress plugin is vulnerable to Stored XSS via the class attribute of the post-content shortcode in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access can inje...

CVSS 6.4 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 3

Patchstack
added 2026/05/11 7:4 p.m. | 2 views

WordPress Voyage Plus plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Voyage Plus versions <= 1.0.6...

CVSS 6.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2026/05/07 6:30 p.m. | 6 views

parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

CVSS 9.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/05/07 6:30 p.m. | 1 views

EUVD-2025-209729

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

OSV
added 2026/05/07 6:30 p.m. | 1 views

GHSA-X72J-HV9F-QQH4 parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

CVSS 9.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

Patchstack
added 2026/05/07 6:30 p.m. | 4 views

NPM: parse-ini is vulnerable to Prototype Pollution in index.js()

NPM: parse-ini is vulnerable to Prototype Pollution in index.js vulnerability discovered by ? in WordPress Npm parse-ini versions 1.0.6...

CVSS 9.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/05/07 12:0 a.m. | 2 views

parse-ini security vulnerability

parse-ini is an INI configuration file parsing library developed by the individual developer at pein-consulting.de. Version 1.0.6 of parse-ini contains a security vulnerability, which stems from prototype pollution in the index.js file...

CVSS 9.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/07 12:0 a.m. | 2 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/07 12:0 a.m. | 3 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

CVE
added 2026/05/07 12:0 a.m. | 4 views

CVE-2025-63703

CVE-2025-63703 affects the npm package parse-ini v1.0.6 and is a Prototype Pollution vulnerability in index.js(). The accompanying metrics indicate a CRITICAL impact (CVSS 3.1: 9.8) with NETWORK attack vector, no privileges required, no user interaction, and high impact on confidentiality, integr...

CVSS 9.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/07 12:0 a.m. | 4 views

PT-2026-38452

Name of the Vulnerable Software and Affected Versions: parse-ini version 1.0.6. Description: The npm package is subject to Prototype Pollution within the index.js function. Prototype Pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to altered applicati...

CVSS 9.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/29 2:48 p.m. | 0 views

CVE-2026-39668

Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Book Previewer for Woocommerce: from n/a through = 1.0.6...

CVSS 5.3 | AI score 5.1 | EPSS 0.0004
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/29 6:18 a.m. | 2 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

CVSS 8.6 | AI score 5.2 | EPSS 0.00031
Exploits: 0 | References: 1

Snyk
added 2026/04/27 12:0 a.m. | 1 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: org.springframework.ai:spring-ai-weaviate-store is a Building AI applications with Spring Boot. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

CVSS 8.8 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2

Snyk
added 2026/04/27 12:0 a.m. | 1 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

CVSS 8.8 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2

Snyk
added 2026/04/27 12:0 a.m. | 2 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: org.springframework.ai:spring-ai-oracle-store is an AI Vector Search from Oracle Database 23ai+ as a Spring AI Vector Store. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementation...

CVSS 8.8 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2

Snyk
added 2026/04/27 12:0 a.m. | 1 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

CVSS 8.8 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2