WordPress Court Reservation plugin < 1.10.9 - Event Deletion via CSRF vulnerability
Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Court Reservation versions < 1.10.9...
CVE-2026-1508
The Court Reservation WordPress plugin before 1.10.9 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
CVE-2025-68852
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS. This issue affects Court Reservation: from n/a through <= 1.10.13...
CVE-2025-68852 WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS. This issue affects Court Reservation: from n/a through <= 1.10.13...
CVE-2021-41173
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside fro...
Malicious code in subnplanmgmtserv (npm)
Source: ghsa-malware 41808cc4bbfb04af471b477a6c3bd56c1b9d5eba6fcc1572d6fda3ba46617d8c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-7657
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/updaterows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated...
Gila CMS Cross-Site Scripting Vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL from Gila CMS. A cross-site scripting vulnerability exists in Gila CMS version 1.10.9, which stems from the parameter content in file /cm/updaterows/page?id=2 that can lead to a cross-site scripting attack...
PT-2024-38485 · Gila Cms · Gila Cms
Name of the Vulnerable Software and Affected Versions: Gila CMS version 1.10.9. Description: A problematic issue was found in Gila CMS, affecting an unknown part of the file /cm/updaterows/page?id=2 within the HTTP POST Request Handler component. The manipulation of the content argument leads to...
gRPC Security Vulnerabilities
gRPC is a modern, open-source, high-performance remote procedure call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC versions prior to 1.10.9, 1.9.15, and 1.8.22, which stems from the ability to allocate memory far beyond the configuration limit for incoming messages...
WordPress LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting versions <= 1.10.9...
WordPress plugin LottieFiles Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-34349 · WordPress · Lottiefiles
Name of the Vulnerable Software and Affected Versions: LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress versions up to, and including, 1.10.9. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...
PT-2024-2946
Name of the Vulnerable Software and Affected Versions: Flatpak versions prior to 1.10.9; Flatpak versions prior to 1.12.9; Flatpak versions prior to 1.14.6; Flatpak versions prior to 1.15.8. Description: The issue is related to a sandbox escape vulnerability in Flatpak, which is a system for building,...
CVE-2023-7036
A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...
Design/Logic Flaw
A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...
GHSA-7J9H-CH38-474R Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Withdrawn Advisory: This advisory has been withdrawn because only the main admin with the highest level of privilege can provide input, and there are no users other than the admin from whom data could be stolen. This link is maintained to preserve external references. Original Description: automad ...
PT-2023-32845 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9. Description: A critical issue affects the import function in the FileController.php file, where the manipulation of the importUrl argument leads to server-side request forgery. This can be initiated remotely and...