CVE-2026-8422

CVE-2026-8422 concerns the WordPress plugin Remove meta boxes per user role (versions up to and including 1.01). The vulnerability stems from missing or incorrect nonce validation on the remove-meta-boxes-per-user-role page, enabling CSRF. This could allow unauthenticated attackers to modify or r...

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

PT-2026-45709

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVE-2026-7462

The VatanSMS WP SMS plugin for WordPress is affected by a Reflected Cross-Site Scripting (XSS) vulnerability via the page parameter in all versions up to 1.01. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers could inject arbitrary scripts into pa...

CVE-2026-7462 VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter

The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2026-7462 VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter

The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

D-Link DIR-645 安全漏洞

The D-Link DIR-645 is a wireless router produced by D-Link Corporation. Versions 1.01, 1.02, and 1.03 of the D-Link DIR-645 contain security vulnerabilities. These vulnerabilities stem from a stack-based buffer overflow vulnerability in the function hedwigcgimain located in the /cgi-bin/hedwig.cg...

CVE-2023-7339

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 smartLink HW-DP: through 1.30 smartLink HW-PN: through 1.01...

PT-2026-21429

Name of the Vulnerable Software and Affected Versions Tosei Online Store Management System version 1.01 Description A security flaw exists in the function system of the /cgi-bin/monitor.php file within the HTTP POST Request Handler component. Manipulation of the DevId argument results in operatin...

Tosei Online Store Management System 操作系统命令注入漏洞

Tosei Online Store Management System is an online store management system developed by Tosei Corporation. Version 1.01 of the Tosei Online Store Management System contains a vulnerability related to operating system command injection. This vulnerability arises from incorrect handling of the...

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

TimeClock SQL injection vulnerability

TimeClock is a time management software developed by TimeClock Corporation. Version 1.01 of TimeClock contains a SQL injection vulnerability. This vulnerability stems from the notes parameter in the addentry.php endpoint, which allows for time-based SQL injections, potentially enabling enumeratio...

CVE-2026-1192

A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imodealldata.php. Executing a manipulation of the argument DevId can lead to command injection. The attack can be executed remotely. The exploi...

Tosei Online Store Management System Command Injection Vulnerability

Tosei Online Store Management System is an online store management system developed by Tosei Corporation. Version 1.01 of the Tosei Online Store Management System contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter DevId in the...

CVE-2022-35191

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service DoS via a crafted HTTP connection request...

D-Link DAP-1325 访问控制错误漏洞

The D-Link DAP-1325 is a wireless access point/bridge from China's AUO D-Link, which is primarily used to provide wireless network coverage and has a bridging function to convert a wired network to a wireless network or connect two wireless networks together. An access control error vulnerability...

CVE-2025-13966

The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttomimage' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Paypal Payment Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2016-1955

Malware in sbrugna...

EUVD-2007-4877

Malware in sbrugna...